peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

options: cleanup, move dns into dns

Browse Source
This commit is contained in:
Giulio De Pasquale 2024-01-31 00:22:24 +01:00
parent 8ce5e14da2
commit 8c0a902945
1 changed files with 2 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
hosts/architect/options.nix
View File

@ -2,10 +2,6 @@
with lib; with lib;
let
utilities = import ./utilities.nix { inherit lib config; };
inherit (utilities) architectInterfaceAddress;
in
{ {
options.architect = { options.architect = {
firewall = { firewall = {
@ -17,14 +13,6 @@ in
type = types.listOf types.int; type = types.listOf types.int;
default = [ ]; default = [ ];
}; };
openTCPVPN = mkOption {
type = types.listOf types.int;
default = [ ];
};
openUDPVPN = mkOption {
type = types.listOf types.int;
default = [ ];
};
}; };
networks = mkOption { networks = mkOption {
@ -118,12 +106,6 @@ in
default = false; default = false;
description = "If set to false, deny all WAN traffic."; description = "If set to false, deny all WAN traffic.";
}; };
deny = mkOption {
type = types.listOf types.str;
default = [ ];
description = "IP address or CIDR block to deny.";
};
}; };
}); });
default = { }; default = { };
@ -136,6 +118,7 @@ in
}; };
}; };
# TODO: move to nginx
config = { config = {
services.nginx.virtualHosts = mapAttrs services.nginx.virtualHosts = mapAttrs
(domain: conf: { (domain: conf: {
@ -147,21 +130,12 @@ in
proxyWebsockets = location.proxyWebsockets; proxyWebsockets = location.proxyWebsockets;
extraConfig = '' extraConfig = ''
${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow} ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
${optionalString (!location.allowWAN) "deny all;"}
${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''} ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
${optionalString (!location.allowWAN) "deny all;"}
'' + location.extraConfig; '' + location.extraConfig;
}) })
conf.locations; conf.locations;
}) })
config.architect.vhost; config.architect.vhost;
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList
(domain: conf: concatMapStringsSep "\n"
(iface: "${architectInterfaceAddress iface} ${domain}")
conf.dnsInterfaces)
config.architect.vhost
);
}; };
} }