feat: automatically generate allowedTCPPorts for mdns enabled

interfaces; simplify nftables rules by adding a general untrusted zone
2023-05-27 01:59:28 +02:00 · 2023-05-27 01:59:28 +02:00 · 41df399bb6
commit 41df399bb6
parent e37601b486
14 changed files with 231 additions and 168 deletions
--- a/flake.nix
+++ b/flake.nix
@ -89,19 +89,16 @@

      stateVersion = "23.05";

-      hosts = {
-        nom = {
+      hosts = let
+        nixos = system: {
          type = "nixos";
-          system = "x86_64-linux";
-        };
-        ward = {
-          type = "nixos";
-          system = "x86_64-linux";
-        };
-        zackbiene = {
-          type = "nixos";
-          system = "aarch64-linux";
+          inherit system;
        };
+      in {
+        nom = nixos "x86_64-linux";
+        #sentinel = nixos "x86_64-linux";
+        ward = nixos "x86_64-linux";
+        zackbiene = nixos "aarch64-linux";
      };

      colmena = import ./nix/colmena.nix inputs;