nixos-config/machines/shinobu/services/router/nft.nix

# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, lib, pkgs, ... }:
let
  cfg = pkgs.callPackage ./common.nix { };

  mkKeyValue = lib.generators.mkKeyValueDefault
    rec {
      mkValueString = v:
        if lib.isString v then ''"${v}"''
        else if lib.isList v then ''{ ${lib.concatMapStringsSep ", " mkValueString v} }''
        else lib.generators.mkValueStringDefault { } v;
    } " = ";

  passthru = {
    VLANS = lib.attrNames cfg.vlan;
    VLAN_BRIDGES = map (name: "br-${name}") (lib.attrNames cfg.vlan);
  };

  defines = lib.concatStringsSep
    "\n"
    (lib.mapAttrsToList
      (key: value: "define " + (mkKeyValue key value))
      passthru);
in
{
  networking.nftables = {
    enable = true;
    ruleset = ''
      ${defines}

      include "${./rules.nft}"
    '';
  };
}