refactor(access): network interface config

arcnmx 2024-03-23 21:13:01 -07:00
parent ee3834d72a
commit f2fddc1001
42 changed files with 466 additions and 189 deletions


@ -7,8 +7,6 @@ let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.strings) concatMapStringsSep optionalString;
inherit (lib.lists) optionals;
inherit (config.services) tailscale;
inherit (config.services.nginx) virtualHosts;
inherit (config.networking.access) cidrForNetwork localaddrs;
access = config.services.nginx.access.ldap;
@ -16,11 +14,7 @@ let
portSsl = 636;
allows = let
mkAllow = cidr: "allow ${cidr};";
allowAddresses =
cidrForNetwork.loopback.all
++ cidrForNetwork.local.all
++ optionals tailscale.enable cidrForNetwork.tail.all;
allows = concatMapStringsSep "\n" mkAllow allowAddresses + optionalString localaddrs.enable ''
allows = concatMapStringsSep "\n" mkAllow cidrForNetwork.allLocal.all + optionalString localaddrs.enable ''
include ${localaddrs.stateDir}/*.nginx.conf;
'';
in ''
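Review bot: The nginx `allow` list for the LDAP access config is now built entirely from `cidrForNetwork.allLocal.all`, so the gate the old code applied at this site (`optionals tailscale.enable cidrForNetwork.tail.all`) is no longer visible where the access rule is generated. The definition of `allLocal` is outside this hunk; if it includes the tail range unconditionally, or covers any network beyond loopback, local and tail, hosts would start accepting sources that the previous list rejected. I would confirm that `allLocal` keeps the `tailscale.enable` condition and record the intended membership above the `allows =` line, for example `# allLocal: loopback + local + tail (tail only when tailscale.enable)`. The enclosing `let` block starts and ends outside the hunk.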