From ceeb079b58024b6d8f6f9e0364fcbcbdc4aea047 Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sat, 27 Sep 2025 10:27:57 -0700
Subject: [PATCH] fix(nftables): broken include symlinks
---
 modules/nixos/access/peeps.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/nixos/access/peeps.nix b/modules/nixos/access/peeps.nix
index ab68fc90..7b8d1523 100644
--- a/modules/nixos/access/peeps.nix
+++ b/modules/nixos/access/peeps.nix
@@ -47,10 +47,12 @@ in {
 mkBefore nft)
 cfg.ranges;
 condition = "ip6 saddr { ${concatStringsSep "," (mapAttrsToList (name: _: "$" + mkNftName name) cfg.ranges)} }";
+ mkInclude = name: ''include "${cfg.stateDir}/${name}*.nft"'';
+ includes = mapAttrsToList (name: _: mkBefore (mkInclude name)) cfg.ranges;
 in {
 nftables.ruleset = mkIf cfg.enable (mkMerge (
 nftRanges
- ++ [(mkBefore ''include "${cfg.stateDir}/*.nft"'')]
+ ++ includes
 ));
 firewall.interfaces.peeps = {
 nftables.enable = cfg.enable;
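Review bot: The glob in `mkInclude` is a bare prefix match (`${name}*.nft`), so when one key of `cfg.ranges` is a prefix of another (say `lan` and `lan-guest`), the first include also loads the second range's state files and they are read twice; it also still loads any other file in `cfg.stateDir` whose name merely starts with a configured range name. How the state files are named isn't visible in this hunk, but if the writer puts a fixed separator after the name, anchoring the pattern on it (for example `''include "${cfg.stateDir}/${name}-*.nft"''`, separator assumed) would keep each include to its own range while keeping the wildcard, which nftables needs in order to tolerate a range that has no state file yet. `name` also goes into the path raw while the variable references use `mkNftName name`, so a comment on `mkInclude` stating which characters range names may contain, and that everything matching in this directory becomes part of the firewall ruleset and so should be writable only by the state writer, would help the next reader. The enclosing `let … in` block begins and ends outside the hunk.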