refactor: replace network groups with direct interface type access

modules/core/network.nix

@@ -64,12 +64,6 @@ in
       description = "Interface type identifiers for easy reference.";
     };
     
-    groups = mkOption {
-      type = types.attrsOf types.str;
-      default = {};
-      description = "Network groups for access control (CIDR ranges).";
-      internal = true;
-    };
   };
   
   config = {
@@ -80,13 +74,6 @@ in
       vpn = lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces;
     };
     
-    # Create network groups from interfaces
-    pepe.core.network.groups = let
-      lanInterfaces = lib.filterAttrs (_: iface: iface.type == "lan") cfg.interfaces;
-      vpnInterfaces = lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces;
-    in {
-      lan = lib.concatStringsSep " " (lib.mapAttrsToList (_: iface: iface.net) lanInterfaces);
-      vpn = lib.concatStringsSep " " (lib.mapAttrsToList (_: iface: iface.net) vpnInterfaces);
-    };
+    # We don't need the groups anymore as we're using interfacesByType directly
   };
 }

modules/core/vhost.nix

@@ -99,8 +99,8 @@ in
             recommendedProxySettings = location.recommendedProxySettings;
             extraConfig = ''
               ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
-              ${optionalString location.allowLAN ''allow ${config.pepe.core.network.groups.lan};''}
-              ${optionalString location.allowVPN ''allow ${config.pepe.core.network.groups.vpn};''}
+              ${optionalString location.allowLAN (concatMapStringsSep "\n" (name: iface: "allow ${iface.net};") config.pepe.core.network.interfacesByType.lan)}
+              ${optionalString location.allowVPN (concatMapStringsSep "\n" (name: iface: "allow ${iface.net};") config.pepe.core.network.interfacesByType.vpn)}
               ${optionalString (!location.allowWAN) "deny all;"}
             '' + location.extraConfig;
           })