fix(nftables): broken include symlinks

2026-02-09 12:29:19 -08:00 · 2025-09-27 10:27:57 -07:00 · 2025-09-27 10:27:57 -07:00 · ceeb079b58
commit ceeb079b58
parent 8595762c7b
1 changed files with 3 additions and 1 deletions
--- a/modules/nixos/access/peeps.nix
+++ b/modules/nixos/access/peeps.nix
@ -47,10 +47,12 @@ in {
      mkBefore nft)
    cfg.ranges;
    condition = "ip6 saddr { ${concatStringsSep "," (mapAttrsToList (name: _: "$" + mkNftName name) cfg.ranges)} }";
+    mkInclude = name: ''include "${cfg.stateDir}/${name}*.nft"'';
+    includes = mapAttrsToList (name: _: mkBefore (mkInclude name)) cfg.ranges;
  in {
    nftables.ruleset = mkIf cfg.enable (mkMerge (
      nftRanges
-      ++ [(mkBefore ''include "${cfg.stateDir}/*.nft"'')]
+      ++ includes
    ));
    firewall.interfaces.peeps = {
      nftables.enable = cfg.enable;