chore: allow home assistant access from devices VLAN for voice PE

hosts/sausebiene/home-assistant.nix

@@ -33,6 +33,11 @@ in
   #   network = "internet";
   # };
 
+  services.matter-server = {
+    enable = true;
+    logLevel = "debug";
+  };
+
   topology.self.services.home-assistant.info = "https://${homeassistantDomain}";
   services.home-assistant = {
     enable = true;
@@ -226,6 +231,8 @@ in
         extraConfig = ''
           allow ${globals.net.home-lan.vlans.home.cidrv4};
           allow ${globals.net.home-lan.vlans.home.cidrv6};
+          allow ${globals.net.home-lan.vlans.devices.cidrv4};
+          allow ${globals.net.home-lan.vlans.devices.cidrv6};
           deny all;
         '';
       };

hosts/ward/net.nix

@@ -171,6 +171,8 @@
         proxy-home.interfaces = [ "proxy-home" ];
         adguardhome.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4 ];
         adguardhome.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv6 ];
+        web-proxy.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4 ];
+        web-proxy.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv6 ];
         samba.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.sire-samba.ipv4 ];
         samba.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.sire-samba.ipv6 ];
         scanner-ads-4300n.ipv4Addresses = [
@@ -212,6 +214,20 @@
         verdict = "accept";
       };
 
+      # Allow access to the web proxy from the devices VLAN
+      access-web-proxy = {
+        from = [
+          "vlan-devices"
+        ];
+        to = [ "web-proxy" ];
+        allowedTCPPorts = [
+          80
+          443
+        ];
+        allowedUDPPorts = [ 443 ];
+        verdict = "accept";
+      };
+
       # Allow the scanner to access samba via SFTP
       access-samba-sftp = {
         from = [ "scanner-ads-4300n" ];