diff --git a/modules/core/network.nix b/modules/core/network.nix
index 7fe584a..70d2ac5 100644
--- a/modules/core/network.nix
+++ b/modules/core/network.nix
@@ -64,12 +64,6 @@ in
 description = "Interface type identifiers for easy reference.";
 };
- groups = mkOption {
- type = types.attrsOf types.str;
- default = {};
- description = "Network groups for access control (CIDR ranges).";
- internal = true;
- };
 };
 config = {
@@ -80,13 +74,6 @@ in
 vpn = lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces;
 };
- # Create network groups from interfaces
- pepe.core.network.groups = let
- lanInterfaces = lib.filterAttrs (_: iface: iface.type == "lan") cfg.interfaces;
- vpnInterfaces = lib.filterAttrs (_: iface: iface.type == "vpn") cfg.interfaces;
- in {
- lan = lib.concatStringsSep " " (lib.mapAttrsToList (_: iface: iface.net) lanInterfaces);
- vpn = lib.concatStringsSep " " (lib.mapAttrsToList (_: iface: iface.net) vpnInterfaces);
- };
+ # We don't need the groups anymore as we're using interfacesByType directly
 };
 }
diff --git a/modules/core/vhost.nix b/modules/core/vhost.nix
index f6412ce..feb6741 100644
--- a/modules/core/vhost.nix
+++ b/modules/core/vhost.nix
@@ -99,8 +99,8 @@ in
 recommendedProxySettings = location.recommendedProxySettings;
 extraConfig = ''
 ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
- ${optionalString location.allowLAN ''allow ${config.pepe.core.network.groups.lan};''}
- ${optionalString location.allowVPN ''allow ${config.pepe.core.network.groups.vpn};''}
+ ${optionalString location.allowLAN (concatMapStringsSep "\n" (name: iface: "allow ${iface.net};") config.pepe.core.network.interfacesByType.lan)}
+ ${optionalString location.allowVPN (concatMapStringsSep "\n" (name: iface: "allow ${iface.net};") config.pepe.core.network.interfacesByType.vpn)}
 ${optionalString (!location.allowWAN) "deny all;"}
 '' + location.extraConfig;
 })
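Review bot: The comment added at the end of the `config` block in network.nix (`# We don't need the groups anymore as we're using interfacesByType directly`) describes the history of the change rather than the code that remains, so it belongs in the commit message and can be dropped from the file. Because the `groups` option is removed outright, any other module still reading `config.pepe.core.network.groups` would fail evaluation. Only vhost.nix is updated in this diff, so a repository-wide search for remaining readers is worth doing before merging.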
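Review bot: The two added `allow` lines in vhost.nix pass a curried two-argument function (`name: iface: ...`) to `concatMapStringsSep`, which maps a one-argument function over a list. The visible `lib.filterAttrs` definition for `vpn` in network.nix also suggests that `interfacesByType.lan` and `.vpn` are attribute sets, not lists. As written, evaluation would most likely abort as soon as `allowLAN` or `allowVPN` is true, which fails closed at build time rather than yielding a permissive ACL, but the host still cannot be built. Mapping over the attribute set explicitly would fix it, for example `concatStringsSep "\n" (mapAttrsToList (_: iface: "allow ${iface.net};") config.pepe.core.network.interfacesByType.lan)` and the same for `.vpn`, assuming `mapAttrsToList` is in scope the same way `concatMapStringsSep` is. The enclosing location mapping starts and ends outside the hunk.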