From 9cab2319c0445432ccdc50fcc4ea56c2a599e9c2 Mon Sep 17 00:00:00 2001
From: Mathias Magnusson
Date: Mon, 1 Dec 2025 16:30:17 +0100
Subject: mkNice
---
 router.nix | 27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)
(limited to 'router.nix')
diff --git a/router.nix b/router.nix
index 79c4f7b..9157380 100644
--- a/router.nix
+++ b/router.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, inputs, ... }:
+{ config, pkgs, inputs, lib, ... }:
+let
+ internalInterfaces = [ "ethlan" "wlan" "docker0" "wglan" ];
+in
 {
 boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;

@@ -12,28 +15,14 @@
 67
 51829
 ];
- extraForwardRules = ''
- iifname "ethlan" oifname "wlan-staff" accept
- iifname "ethlan" oifname "wlan-guest" accept
- iifname "ethlan" oifname "wglan" accept
-
- iifname "wlan-staff" oifname "ethlan" accept
- iifname "wlan-staff" oifname "wlan-guest" accept
- iifname "wlan-staff" oifname "wglan" accept
-
- iifname "wlan-guest" oifname "ethlan" accept
- iifname "wlan-guest" oifname "wlan-staff" accept
- iifname "wlan-guest" oifname "wglan" accept
-
- iifname "wglan" oifname "ethlan" accept
- iifname "wglan" oifname "wlan-staff" accept
- iifname "wglan" oifname "wlan-guest" accept
- '';
+ extraForwardRules = lib.concatStringsSep "\n" (lib.concatMap (iif: (lib.concatMap (oif:
+ if iif == oif then [] else [ ''iifname "${iif}" oifname "${oif}" accept'' ]
+ ) internalInterfaces)) internalInterfaces);
 };
 nat = {
 enable = true;
 externalInterface = "wan";
- internalInterfaces = [ "ethlan" "wlan" "docker0" "wglan" ];
+ inherit internalInterfaces;
 forwardPorts = [
 {
 sourcePort = 80;
--
cgit v1.2.3
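Review bot: The generated `extraForwardRules` in the second hunk are not equivalent to the twelve hand-written rules they replace: the mesh is now built from `internalInterfaces` (`ethlan`, `wlan`, `docker0`, `wglan`), so `docker0` gains accepted forwarding to and from every other internal segment, and the `wlan-staff`/`wlan-guest` rules are dropped in favour of `wlan`. If those two interfaces still exist elsewhere in the configuration (not visible here) their traffic loses its accept rules, and making the Docker bridge a peer of the LAN and WireGuard networks widens lateral reach in a commit described as a tidy-up. Sharing one list between the `nat` block and the forward allow-list also means any interface later added for NAT is silently given full east-west access. Consider a separate binding in the `let` block of the first hunk, e.g. `forwardMesh = [ "ethlan" "wlan" "wglan" ];`, used for the rule generation, with a comment stating that membership grants forwarding to every other listed interface. The attribute set that holds `extraForwardRules` starts outside the hunk.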