From a4d6a7663c6d6a0cfa24e84f1a72d6131a420547 Mon Sep 17 00:00:00 2001
From: Bun
Date: Sat, 31 May 2025 16:51:16 -0400
Subject: [PATCH] Change nfs firewall to include any included mycelium ip

---
 hosts/tower/boot/default.nix | 1 -
 modules/system/services/server/nfs/default.nix | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/hosts/tower/boot/default.nix b/hosts/tower/boot/default.nix
index 9f0c2504..0e2428c5 100644
--- a/hosts/tower/boot/default.nix
+++ b/hosts/tower/boot/default.nix
@@ -4,7 +4,6 @@ let
 # VM/GPU passthrough
 "amd_iommu=on"
 "iommu=pt"
- "nested=1"

 # Isolate devices into IOMMU groups
 "pcie_acs_override=downstream,multifunction"
diff --git a/modules/system/services/server/nfs/default.nix b/modules/system/services/server/nfs/default.nix
index 82dc43ba..e241400f 100644
--- a/modules/system/services/server/nfs/default.nix
+++ b/modules/system/services/server/nfs/default.nix
@@ -4,8 +4,8 @@
 config = lib.mkIf config.services.nfs.server.enable {
 services.nfs.server.exports = "/storage *(rw)";

- networking.firewall.extraInputRules = with config.services.mycelium.ips; ''
- ip6 saddr { ${tower}, ${intuos}, ${jupiter}, ${midas}, ${kitty}, ${prophet} } tcp dport 2049 accept
+ networking.firewall.extraInputRules = with lib; ''
+ ip6 saddr { ${concatStringsSep ", " (attrValues config.services.mycelium.ips)} } tcp dport 2049 accept
 '';
 };
 }
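Review bot: In the nfs/default.nix hunk, building the source set from `attrValues config.services.mycelium.ips` makes membership in that attrset the only access control for NFS, because the export on the context line is still `/storage *(rw)`. Any host later added to `mycelium.ips` for an unrelated reason silently gains read-write access to `/storage`. Consider a dedicated allowlist option for the peers permitted to mount, or at least a comment above the rule such as `# every mycelium peer may mount /storage rw; the export itself is unrestricted`. The rule also renders as `ip6 saddr { }` when the attrset is empty, which nftables likely rejects and which could then fail the whole ruleset load. Wrapping the string in `lib.optionalString (config.services.mycelium.ips != { })` would avoid that.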