feat: add network groups and interface types to network module

2025-04-26 17:11:52 +01:00 · 2025-04-26 17:11:52 +01:00 · 2c350070a3
commit 2c350070a3
parent b1065f61d9
2 changed files with 28 additions and 2 deletions
--- a/modules/core/network.nix
+++ b/modules/core/network.nix
@ -53,6 +53,23 @@ in
      description = "Interfaces grouped by type (lan, wan, vpn) for easy access.";
      internal = true;
    };
+    
+    interfaceTypes = mkOption {
+      type = types.attrsOf types.str;
+      default = {
+        lan = "lan";
+        wan = "wan";
+        vpn = "vpn";
+      };
+      description = "Interface type identifiers for easy reference.";
+    };
+    
+    groups = mkOption {
+      type = types.attrsOf types.str;
+      default = {};
+      description = "Network groups for access control (CIDR ranges).";
+      internal = true;
+    };
  };
  
  config = {
@ -62,5 +79,14 @@ in
      wan = lib.filterAttrs (_: iface: iface.type == "wan") cfg.interfaces;
      vpn = lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces;
    };
+    
+    # Create network groups from interfaces
+    pepe.core.network.groups = let
+      lanInterfaces = lib.filterAttrs (_: iface: iface.type == "lan") cfg.interfaces;
+      vpnInterfaces = lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces;
+    in {
+      lan = lib.concatStringsSep " " (lib.mapAttrsToList (_: iface: iface.net) lanInterfaces);
+      vpn = lib.concatStringsSep " " (lib.mapAttrsToList (_: iface: iface.net) vpnInterfaces);
+    };
  };
 }
--- a/modules/core/vhost.nix
+++ b/modules/core/vhost.nix
@ -99,8 +99,8 @@ in
            recommendedProxySettings = location.recommendedProxySettings;
            extraConfig = ''
              ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
-              ${optionalString location.allowLAN ''allow ${config.pepe.core.network.interfaces.${config.pepe.core.network.interfaceTypes.lan}.net};''}
-              ${optionalString location.allowVPN ''allow ${config.pepe.core.network.interfaces.${config.pepe.core.network.interfaceTypes.vpn}.net};''}
+              ${optionalString location.allowLAN ''allow ${config.pepe.core.network.groups.lan};''}
+              ${optionalString location.allowVPN ''allow ${config.pepe.core.network.groups.vpn};''}
              ${optionalString (!location.allowWAN) "deny all;"}
            '' + location.extraConfig;
          })