mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

fix(nftables): fix missing migration to new nftables firewall branch

Browse source
This commit is contained in:
oddlama 2023-10-15 16:36:16 +02:00
parent 1ae55fa9f6
commit 3e0e03fc31
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
1 changed files with 9 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
modules/meta/wireguard-proxy.nix
View file

@ -9,7 +9,6 @@
attrNames attrNames
flip flip
mdDoc mdDoc
mkForce
mkIf mkIf
mkMerge mkMerge
mkOption mkOption
@ -53,7 +52,7 @@ in {
})); }));
networking.nftables.firewall = mkMerge (flip map (attrNames cfg) (proxy: { networking.nftables.firewall = mkMerge (flip map (attrNames cfg) (proxy: {
zones = mkForce { zones = {
# Parent zone for the whole interface # Parent zone for the whole interface
${cfg.${proxy}.nicName}.interfaces = [cfg.${proxy}.nicName]; ${cfg.${proxy}.nicName}.interfaces = [cfg.${proxy}.nicName];
# Subzone to specifically target the proxy host # Subzone to specifically target the proxy host
@ -64,8 +63,7 @@ in {
}; };
}; };
rules = mkForce { rules."${proxy}-to-local" = {
"${proxy}-to-local" = {
from = [proxy]; from = [proxy];
to = ["local"]; to = ["local"];
@ -75,7 +73,6 @@ in {
allowedUDPPorts allowedUDPPorts
; ;
}; };
};
})); }));
}; };
} }