peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

refactor(network-config): update configuration references to use pepe.core.network.interfaces

Browse Source 
- Refactored config references from `config.architect.networks` to `config.pepe.core.network.interfaces` across multiple files
- Updated `fail2ban.nix`, `firewall.nix`, `tailscale.nix`, and `utilities.nix` to align with new configuration structure
- Centralized network interface configuration under `pepe.core` for better maintainability
- Maintained existing functionality while modernizing configuration hierarchy
This commit is contained in:
Giulio De Pasquale 2025-05-06 12:57:02 +01:00
parent 9277af4088
commit 7053b64156
4 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/architect/fail2ban.nix
View File

@ -7,8 +7,8 @@
packageFirewall = pkgs.nftables; packageFirewall = pkgs.nftables;
bantime-increment.enable = true; bantime-increment.enable = true;
ignoreIP = [ ignoreIP = [
config.architect.networks.lan.net config.pepe.core.network.interfaces.tailscale.net
config.architect.networks.tailscale.net config.pepe.core.network.interfaces.lan.net
]; ];
}; };
} }

12
hosts/architect/firewall.nix
View File

@ -1,13 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
let let
openTCP = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openTCP; firewallRules = config.pepe.core.firewall;
openUDP = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openUDP; openTCP = lib.concatMapStringsSep "," (x: toString x) firewallRules.openTCP;
openTCPVPN = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openTCPVPN; openUDP = lib.concatMapStringsSep "," (x: toString x) firewallRules.openUDP;
openUDPVPN = lib.concatMapStringsSep "," (x: toString x) config.architect.firewall.openUDPVPN; ifaces = config.pepe.core.network.interfaces;
deviceAddress = interface: device: deviceAddress = interface: device:
config.architect.networks.${interface}.devices.${device}.address; ifaces.${interface}.devices.${device}.address;
gdevices = [ gdevices = [
(deviceAddress "tailscale" "architect") (deviceAddress "tailscale" "architect")
@ -25,7 +25,7 @@ in
nftables = { nftables = {
enable = true; enable = true;
ruleset = with config.architect.networks; '' ruleset = with config.pepe.core.network.interfaces; ''
table ip raw { table ip raw {
chain PREROUTING { chain PREROUTING {
type filter hook prerouting priority raw; policy accept; type filter hook prerouting priority raw; policy accept;

2
hosts/architect/tailscale.nix
View File

@ -35,5 +35,5 @@ in
}; };
}; };
networking.extraHosts = generateDeviceStrings config.architect.networks.tailscale.devices; networking.extraHosts = generateDeviceStrings config.pepe.core.network.interfaces.tailscale.devices;
} }

7
hosts/architect/utilities.nix
View File

@ -1,13 +1,16 @@
{ config, lib, ... }: { config, lib, ... }:
let
ifaces = config.pepe.core.network.interfaces;
in
{ {
# device.address device.hostname # device.address device.hostname
generateDeviceStrings = devices: lib.concatStringsSep "\n" generateDeviceStrings = devices: lib.concatStringsSep "\n"
(lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices); (lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices);
getDeviceAddress = interface: device: getDeviceAddress = interface: device:
config.architect.networks.${interface}.devices.${device}.address; ifaces.${interface}.devices.${device}.address;
architectInterfaceAddress = interface: architectInterfaceAddress = interface:
config.architect.networks.${interface}.devices.architect.address; ifaces.${interface}.devices.architect.address;
} }