fix(nftables): fix missing migration to new nftables firewall branch

2025-10-10 23:00:39 +02:00 · 2023-10-15 16:36:16 +02:00 · 2023-10-15 16:36:16 +02:00 · 3e0e03fc31
commit 3e0e03fc31
parent 1ae55fa9f6
1 changed files with 9 additions and 12 deletions
--- a/modules/meta/wireguard-proxy.nix
+++ b/modules/meta/wireguard-proxy.nix
@ -9,7 +9,6 @@
    attrNames
    flip
    mdDoc
-    mkForce
    mkIf
    mkMerge
    mkOption
@ -53,7 +52,7 @@ in {
    }));

    networking.nftables.firewall = mkMerge (flip map (attrNames cfg) (proxy: {
-      zones = mkForce {
+      zones = {
        # Parent zone for the whole interface
        ${cfg.${proxy}.nicName}.interfaces = [cfg.${proxy}.nicName];
        # Subzone to specifically target the proxy host
@ -64,17 +63,15 @@ in {
        };
      };

-      rules = mkForce {
-        "${proxy}-to-local" = {
-          from = [proxy];
-          to = ["local"];
+      rules."${proxy}-to-local" = {
+        from = [proxy];
+        to = ["local"];

-          inherit
-            (cfg.${proxy})
-            allowedTCPPorts
-            allowedUDPPorts
-            ;
-        };
+        inherit
+          (cfg.${proxy})
+          allowedTCPPorts
+          allowedUDPPorts
+          ;
      };
    }));
  };