lasuite-federez/nix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move modules from nodes.nix to mapping.nix

Browse source
This commit is contained in:
asyncnomi 2025-07-24 21:22:14 +02:00
parent 4df3c2678d
commit 5103243bfd
5 changed files with 32 additions and 92 deletions
Download patch file Download diff file Expand all files Collapse all files

4
shared/commons/mesh.nix
View file

@ -28,7 +28,7 @@ let
AllowedIPs = [
"172.19.${toString peerConfig.zone}.${toString peerConfig.id}/32"
"fc00::${toString peerConfig.zone}:${toString peerConfig.id}/128"
] ++ lib.optionals (lib.elem peerName mapping.bastion) [
] ++ lib.optionals (lib.elem peerName mapping.bastion.hosts) [
"172.19.${toString (peerConfig.zone + 127)}.0/24"
"fc00:f::${toString (peerConfig.zone + 127)}:0/112"
];
@ -42,7 +42,7 @@ let
};
# Return route for mgmt traffic
bastionConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.bastion) peerConfigs;
bastionConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.bastion.hosts) peerConfigs;
rtwg4 = map (node: {
Gateway = "172.19.${toString node.zone}.${toString node.id}";

4
shared/commons/nftables.nix
View file

@ -48,7 +48,7 @@ in
# Mesh
udp dport 51820 accept
${if lib.elem myName mapping.bastion then ''
${if lib.elem myName mapping.bastion.hosts then ''
# Mgmt
udp dport 51920 accept
'' else ""}
@ -64,7 +64,7 @@ in
ct state related,established accept
ct state invalid counter drop
${if lib.elem myName mapping.bastion then ''
${if lib.elem myName mapping.bastion.hosts then ''
iifname mgmt oifname mesh* accept
'' else ""}