fix: isk

jz8132543 · Mar 8, 2024 · e7d70b8 · e7d70b8
1 parent 644798f
commit e7d70b8
Showing 1 changed file with 44 additions and 45 deletions.
diff --git a/nixos/modules/base/environment/isNAT/default.nix b/nixos/modules/base/environment/isNAT/default.nix
@@ -2,51 +2,50 @@
   lib,
   config,
   ...
-}: let
-  cfg = config.services.traefik.dynamicConfigOptions.http.routers;
-in
-  with lib; {
-    options.environment = {
-      isNAT = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to enable NAT mode.
-        '';
-      };
-      altHTTPS = mkOption {
-        type = types.int;
-        default = 8443;
-        description = ''
-          The port of https alt
-        '';
-      };
-      altHTTP = mkOption {
-        type = types.int;
-        default = 8080;
-        description = ''
-          The port of http alt
-        '';
-      };
+}:
+with lib; {
+  options.environment = {
+    isNAT = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable NAT mode.
+      '';
     };
-    config.networking =
-      if config.environment.isNAT
-      then {
-        nftables.ruleset = ''
-          table ip nat {
-            chain prerouting {
-              type nat hook prerouting priority 0; policy accept;
-              tcp dport ${toString config.environment.altHTTP} redirect to 80
-              tcp dport ${toString config.environment.altHTTPS} redirect to 443
-            }
+    altHTTPS = mkOption {
+      type = types.int;
+      default = 8443;
+      description = ''
+        The port of https alt
+      '';
+    };
+    altHTTP = mkOption {
+      type = types.int;
+      default = 8080;
+      description = ''
+        The port of http alt
+      '';
+    };
+  };
+  config.networking =
+    if config.environment.isNAT
+    then {
+      nftables.ruleset = ''
+        table ip nat {
+          chain prerouting {
+            type nat hook prerouting priority 0; policy accept;
+            tcp dport ${toString config.environment.altHTTP} redirect to 80
+            tcp dport ${toString config.environment.altHTTPS} redirect to 443
+            udp dport ${toString config.environment.altHTTPS} redirect to 443
+          }
 
-            chain postrouting {
-              type nat hook postrouting priority 0; policy accept;
-            }
+          chain postrouting {
+            type nat hook postrouting priority 0; policy accept;
           }
-        '';
-        firewall.allowedTCPPorts = with config.environment; [altHTTPS altHTTP];
-        firewall.allowedUDPPorts = with config.environment; [altHTTPS];
-      }
-      else {};
-  }
+        }
+      '';
+      firewall.allowedTCPPorts = with config.environment; [altHTTPS altHTTP];
+      firewall.allowedUDPPorts = with config.environment; [altHTTPS];
+    }
+    else {};
+}