feat: generating firewall forwarding rules from individual machiene configs complete

applications/firewall.nix

@@ -16,6 +16,14 @@
           A list of routes to forward
         '';
       };
+      # need to seperate it out as to not cause infinite loops
+      forward_parsed = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = ''
+          A list of routes to forward joined as a single string
+        '';
+      };
     };
   };
 
@@ -69,7 +77,7 @@
           # ip saddr 193.1.99.123 tcp dport 443 counter packets 0 bytes 0 accept
 
           # can basically make each machiene responsibile for their own forwarding (in config at least)
-          ${lib.strings.concatMapStrings (x: x + "\n") config.skynet_firewall.forward}
+          ${config.skynet_firewall.forward_parsed}
 
           counter packets 0 bytes 0 reject with icmp type admin-prohibited
         }

machines/test01.nix

@@ -1,8 +1,5 @@
-{ pkgs, ... }:
+{ pkgs, lib, nodes, ... }: {
-
-{
   imports = [
-
     # applications for this particular server
     ../applications/firewall.nix
   ];
@@ -14,6 +11,19 @@
   };
 
   # this server is teh firewall
-  skynet_firewall.enable = true;
+  skynet_firewall = {
+    enable = true;
+
+    # gonna have to get all the
+    forward_parsed =
+      # merge together with a newline char
+      lib.strings.concatMapStrings (x: x + "\n") (
+        # merge the lists together
+        builtins.concatLists (
+          # using this function "(key: value: value.config.skynet_firewall.forward)" turn the values ointo a list
+          lib.attrsets.mapAttrsToList (key: value: value.config.skynet_firewall.forward) nodes
+        )
+      );
+  };
 
 }

machines/test02.nix

@@ -1,8 +1,8 @@
-{ pkgs, ... }:
+{ pkgs, ... }: {
 
-{
   imports = [
-
+    # import it in so the options are available
+    ../applications/firewall.nix
   ];
 
   skynet_firewall.forward = [