ptr.pet / nixos-cloud-resources
nixos modules for convenient deployment of cloud resources
fork atom
nixos-cloud-resources / firewall / hetzner / rules.nix
at main 833 B view raw
1{lib}: let 2 l = lib; 3 mkRule = proto: tag: port: { 4 description = tag; 5 direction = "in"; 6 protocol = proto; 7 port = 8 if l.isAttrs port 9 then l.concatMapStringsSep "-" toString [port.from port.to] 10 else toString port; 11 source_ips = ["0.0.0.0/0" "::/0"]; 12 }; 13in rec { 14 mkTcpRule = mkRule "tcp"; 15 mkUdpRule = mkRule "udp"; 16 # taggedPorts: attrset of {allowedTCPPorts, allowedTCPPortRanges, ...} 17 mkFirewallRuleset = taggedPorts: { 18 rules = l.flatten ( 19 l.mapAttrsToList 20 (tag: ports: [ 21 (l.map (mkTcpRule tag) (ports.allowedTCPPorts or [])) 22 (l.map (mkTcpRule tag) (ports.allowedTCPPortRanges or [])) 23 (l.map (mkUdpRule tag) (ports.allowedUDPPorts or [])) 24 (l.map (mkUdpRule tag) (ports.allowedUDPPortRanges or [])) 25 ]) 26 taggedPorts 27 ); 28 }; 29}