refactor(access): network interface config

2026-02-09 04:19:19 -08:00 · 2024-03-23 21:13:01 -07:00 · 2024-03-23 21:13:01 -07:00 · f2fddc1001
commit f2fddc1001
parent ee3834d72a
42 changed files with 466 additions and 189 deletions
--- a/modules/nixos/postgres.nix
+++ b/modules/nixos/postgres.nix
@ -39,6 +39,9 @@
        tailscale = {
          allow = mkEnableOption "tailscale TCP connections";
        };
+        int = {
+          allow = mkEnableOption "internal TCP connections";
+        };
        local = {
          allow = mkEnableOption "local TCP connections";
        };
@ -55,7 +58,8 @@
        in
          mkMerge [
            (mkIf config.authentication.tailscale.allow cidrForNetwork.tail.all)
-            (mkIf config.authentication.local.allow (cidrForNetwork.loopback.all ++ cidrForNetwork.local.all))
+            (mkIf config.authentication.int.allow cidrForNetwork.int.all)
+            (mkIf config.authentication.local.allow cidrForNetwork.local.all)
          ];
        authentication = mkMerge (map (host: ''
            host ${config.authentication.database} ${config.name} ${formatHost host} ${config.authentication.method}