From 8c0a9029454d937a20bc8b8b38a346ae5e600e41 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Wed, 31 Jan 2024 00:22:24 +0100
Subject: [PATCH] options: cleanup, move dns into dns
---
 hosts/architect/options.nix | 30 ++----------------------------
 1 file changed, 2 insertions(+), 28 deletions(-)
diff --git a/hosts/architect/options.nix b/hosts/architect/options.nix
index 4d8bef0..2540217 100644
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
@@ -2,10 +2,6 @@
 with lib;
-let
- utilities = import ./utilities.nix { inherit lib config; };
- inherit (utilities) architectInterfaceAddress;
-in
 {
 options.architect = {
 firewall = {
@@ -17,14 +13,6 @@ in
 type = types.listOf types.int;
 default = [ ];
 };
- openTCPVPN = mkOption {
- type = types.listOf types.int;
- default = [ ];
- };
- openUDPVPN = mkOption {
- type = types.listOf types.int;
- default = [ ];
- };
 };
 networks = mkOption {
@@ -118,12 +106,6 @@ in
 default = false;
 description = "If set to false, deny all WAN traffic.";
 };
-
- deny = mkOption {
- type = types.listOf types.str;
- default = [ ];
- description = "IP address or CIDR block to deny.";
- };
 };
 });
 default = { };
@@ -136,6 +118,7 @@ in
 };
 };
+ # TODO: move to nginx
 config = {
 services.nginx.virtualHosts = mapAttrs (domain: conf: {
@@ -147,21 +130,12 @@ in
 proxyWebsockets = location.proxyWebsockets;
 extraConfig = ''
 ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
- ${optionalString (!location.allowWAN) "deny all;"}
- ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
 ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
+ ${optionalString (!location.allowWAN) "deny all;"}
 '' + location.extraConfig;
 }) conf.locations;
 }) config.architect.vhost;
-
- networking.extraHosts = concatStringsSep "\n" (
- mapAttrsToList
- (domain: conf: concatMapStringsSep "\n"
- (iface: "${architectInterfaceAddress iface} ${domain}")
- conf.dnsInterfaces)
- config.architect.vhost
- );
 };
 }
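Review bot: The access rules built in `extraConfig` are order-sensitive and the new code does not say so: nginx checks `allow`/`deny` directives in sequence and stops at the first match, so `deny all;` has to stay after both the `location.allow` entries and the `allowLan` line. A later reorder would silently change who can reach a vhost, so I would add a comment above `extraConfig`, e.g. `# nginx stops at the first matching allow/deny: keep "deny all;" as the last rule emitted here`. Also, `location.extraConfig` is concatenated after `deny all;`, so when `allowWAN` is false any `allow` or `deny` a caller puts there at the same level is never reached; that is worth stating in the option's description. The enclosing `config` block starts outside this hunk.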