gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(nftables): broken include symlinks

Browse source
This commit is contained in:
arcnmx 2025-09-27 10:27:57 -07:00
parent 8595762c7b
commit ceeb079b58
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/nixos/access/peeps.nix
View file

@ -47,10 +47,12 @@ in {
mkBefore nft) mkBefore nft)
cfg.ranges; cfg.ranges;
condition = "ip6 saddr { ${concatStringsSep "," (mapAttrsToList (name: _: "$" + mkNftName name) cfg.ranges)} }"; condition = "ip6 saddr { ${concatStringsSep "," (mapAttrsToList (name: _: "$" + mkNftName name) cfg.ranges)} }";
mkInclude = name: ''include "${cfg.stateDir}/${name}*.nft"'';
includes = mapAttrsToList (name: _: mkBefore (mkInclude name)) cfg.ranges;
in { in {
nftables.ruleset = mkIf cfg.enable (mkMerge ( nftables.ruleset = mkIf cfg.enable (mkMerge (
nftRanges nftRanges
++ [(mkBefore ''include "${cfg.stateDir}/*.nft"'')] ++ includes
)); ));
firewall.interfaces.peeps = { firewall.interfaces.peeps = {
nftables.enable = cfg.enable; nftables.enable = cfg.enable;