feat: no more recusion, simplified the function
parent
badcfe1ada
commit
8f373ada01
2 changed files with 11 additions and 18 deletions
|
@ -16,14 +16,6 @@
|
||||||
A list of routes to forward
|
A list of routes to forward
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
# need to seperate it out as to not cause infinite loops
|
|
||||||
forward_parsed = lib.mkOption {
|
|
||||||
default = "";
|
|
||||||
type = lib.types.str;
|
|
||||||
description = ''
|
|
||||||
A list of routes to forward joined as a single string
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -77,7 +69,7 @@
|
||||||
# ip saddr 193.1.99.123 tcp dport 443 counter packets 0 bytes 0 accept
|
# ip saddr 193.1.99.123 tcp dport 443 counter packets 0 bytes 0 accept
|
||||||
|
|
||||||
# can basically make each machiene responsibile for their own forwarding (in config at least)
|
# can basically make each machiene responsibile for their own forwarding (in config at least)
|
||||||
${config.skynet_firewall.forward_parsed}
|
${lib.strings.concatMapStrings (x: x + "\n") config.skynet_firewall.forward}
|
||||||
|
|
||||||
counter packets 0 bytes 0 reject with icmp type admin-prohibited
|
counter packets 0 bytes 0 reject with icmp type admin-prohibited
|
||||||
}
|
}
|
||||||
|
|
|
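Review bot: Every entry of `config.skynet_firewall.forward` is spliced verbatim into the ruleset directly above the final `reject with icmp type admin-prohibited`, so each string is trusted as nftables syntax with no check on its shape. The option's type is declared outside this hunk; if it is a plain list of strings, one host's entry containing a bare `accept` or an unbalanced brace would change the forward policy for all traffic or make the ruleset fail to load. Consider narrowing the element type, for example `lib.types.listOf (lib.types.strMatching "RULE_PATTERN")` where `RULE_PATTERN` is a placeholder for the rule shape you expect. A submodule with address and port fields that this template renders would be stricter still. A short comment above the interpolation, such as `# entries come from every non-firewall node; each one is emitted as a raw nftables rule`, would make that trust boundary visible to the next reader.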
@ -15,14 +15,15 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
# gonna have to get all the
|
# gonna have to get all the
|
||||||
forward_parsed =
|
forward = builtins.concatLists (
|
||||||
# merge together with a newline char
|
|
||||||
lib.strings.concatMapStrings (x: x + "\n") (
|
|
||||||
# merge the lists together
|
|
||||||
builtins.concatLists (
|
|
||||||
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
|
# using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
|
||||||
lib.attrsets.mapAttrsToList (key: value: value.config.skynet_firewall.forward) nodes
|
lib.attrsets.mapAttrsToList (key: value:
|
||||||
)
|
# make sure that anything running this firewall dosent count (recursion otherewise)
|
||||||
|
# firewall may want to open ports in itself but can deal with that later
|
||||||
|
if value.config.skynet_firewall.enable
|
||||||
|
then []
|
||||||
|
else value.config.skynet_firewall.forward
|
||||||
|
) nodes
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
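Review bot: The exclusion inside `mapAttrsToList` keys on `value.config.skynet_firewall.enable` rather than on the identity of the current host, so any node that enables this module has its whole `forward` list dropped from the aggregate without a warning. The comment says that is deliberate for now, but the leftover `# gonna have to get all the` is truncated and the reason for the skip is split across two lines. I would replace them with one comment, e.g. `# skip nodes that run this firewall themselves: their forward list is this aggregate, reading it would recurse; rules they declare for themselves are NOT collected here`. If a second firewall host is ever added, its rules would presumably vanish from this one the same way, which is worth stating in that comment or catching with an assertion.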