From 7053b641567be4fc84b1e9e899e15c0831652862 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Tue, 6 May 2025 12:57:02 +0100
Subject: [PATCH] refactor(network-config): update configuration references to use pepe.core.network.interfaces
- Refactored config references from `config.architect.networks` to `config.pepe.core.network.interfaces` across multiple files
- Updated `fail2ban.nix`, `firewall.nix`, `tailscale.nix`, and `utilities.nix` to align with new configuration structure
- Centralized network interface configuration under `pepe.core` for better maintainability
- Maintained existing functionality while modernizing configuration hierarchy
---
 hosts/architect/fail2ban.nix | 4 ++--
 hosts/architect/firewall.nix | 16 ++++++++--------
 hosts/architect/tailscale.nix | 2 +-
 hosts/architect/utilities.nix | 9 ++++++---
 4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/hosts/architect/fail2ban.nix b/hosts/architect/fail2ban.nix
index 65836f0..442daca 100644
--- a/hosts/architect/fail2ban.nix
+++ b/hosts/architect/fail2ban.nix
@@ -7,8 +7,8 @@
 packageFirewall = pkgs.nftables;
 bantime-increment.enable = true;
 ignoreIP = [
- config.architect.networks.lan.net
- config.architect.networks.tailscale.net
+ config.pepe.core.network.interfaces.tailscale.net
+ config.pepe.core.network.interfaces.lan.net
 ];
 };
 }
diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index a6992d7..de3acf0 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -1,14 +1,14 @@ { config, lib, ... }: let - openTCP = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openTCP; - openUDP = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openUDP; - openTCPVPN = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openTCPVPN; - openUDPVPN = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openUDPVPN; + firewallRules = config.pepe.core.firewall; + openTCP = lib.concatMapStringsSep "," (x: toString x) firewallRules.openTCP; + openUDP = lib.concatMapStringsSep "," (x: toString x) firewallRules.openUDP; + ifaces = config.pepe.core.network.interfaces; + + deviceAddress = interface: device: + ifaces.${interface}.devices.${device}.address; - deviceAddress = interface: device: - config.architect.networks.${interface}.devices.${device}.address; - gdevices = [ (deviceAddress "tailscale" "architect") (deviceAddress "tailscale" "dodino") @@ -25,7 +25,7 @@ in nftables = { enable = true; - ruleset = with config.architect.networks; '' + ruleset = with config.pepe.core.network.interfaces; '' table ip raw { chain PREROUTING { type filter hook prerouting priority raw; policy accept; diff --git a/hosts/architect/tailscale.nix b/hosts/architect/tailscale.nix index 1312009..9bc5e76 100644 --- a/hosts/architect/tailscale.nix +++ b/hosts/architect/tailscale.nix @@ -35,5 +35,5 @@ in }; }; - networking.extraHosts = generateDeviceStrings config.architect.networks.tailscale.devices; + networking.extraHosts = generateDeviceStrings config.pepe.core.network.interfaces.tailscale.devices; } diff --git a/hosts/architect/utilities.nix b/hosts/architect/utilities.nix index b61bd7f..4445d10 100644 --- a/hosts/architect/utilities.nix +++ b/hosts/architect/utilities.nix 
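Review bot: The first firewall.nix hunk removes the `openTCPVPN` and `openUDPVPN` bindings and moves the port lists from `config.architect.firewall` to `config.pepe.core.firewall`, which goes beyond the interface-path rename that the commit message describes as functionality-preserving. The nftables ruleset body lies outside the hunk, so it is not visible whether it still interpolates `${openTCPVPN}`/`${openUDPVPN}` (which would fail evaluation) or whether the VPN-only ports were dropped or folded into the general lists, which presumably would open them on non-VPN interfaces. I would state the intended outcome next to the new binding, e.g. `# VPN-only port lists removed: <reason>` above `firewallRules`, and compare the generated ruleset before and after the change. The local `deviceAddress` also duplicates `getDeviceAddress` from utilities.nix; reusing that helper would keep a single lookup path for device addresses.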
@@ -1,13 +1,16 @@ { config, lib, ... }: +let + ifaces = config.pepe.core.network.interfaces; +in { # device.address device.hostname generateDeviceStrings = devices: lib.concatStringsSep "\n" (lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices); - + getDeviceAddress = interface: device: - config.architect.networks.${interface}.devices.${device}.address; + ifaces.${interface}.devices.${device}.address; architectInterfaceAddress = interface: - config.architect.networks.${interface}.devices.architect.address; + ifaces.${interface}.devices.architect.address; }