mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

feat: allow scanner to access samba SFTP

oddlama 2025-01-20 17:00:59 +01:00
parent 4d2b186626
commit ec502b4193
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 22 additions and 10 deletions


@ -62,10 +62,15 @@ in
cidrv6 = "fd20::/64"; cidrv6 = "fd20::/64";
hosts.ward.id = 1; hosts.ward.id = 1;
hosts.sire.id = 2; hosts.sire.id = 2;
hosts.scanner-ads-4300n = {
id = 23;
mac = globals.macs.scanner-ads-4300n;
};
hosts.wallbox = { hosts.wallbox = {
id = 40; id = 40;
mac = globals.macs.wallbox; mac = globals.macs.wallbox;
}; };
# TODO remove once new home-assistant machine is up
hosts.home-assistant-temp = { hosts.home-assistant-temp = {
id = 85; id = 85;
mac = globals.macs.home-assistant; mac = globals.macs.home-assistant;


@ -173,11 +173,15 @@
{ {
untrusted.interfaces = [ "wan" ]; untrusted.interfaces = [ "wan" ];
proxy-home.interfaces = [ "proxy-home" ]; proxy-home.interfaces = [ "proxy-home" ];
adguardhome.ipv4Addresses = [ adguardhome.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4 ];
globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4 adguardhome.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv6 ];
samba.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.sire-samba.ipv4 ];
samba.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.sire-samba.ipv6 ];
scanner-ads-4300n.ipv4Addresses = [
globals.net.home-lan.vlans.devices.hosts.scanner-ads-4300n.ipv4
]; ];
adguardhome.ipv6Addresses = [ scanner-ads-4300n.ipv6Addresses = [
globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv6 globals.net.home-lan.vlans.devices.hosts.scanner-ads-4300n.ipv6
]; ];
} }
// lib.flip lib.concatMapAttrs globals.net.home-lan.vlans ( // lib.flip lib.concatMapAttrs globals.net.home-lan.vlans (
@ -194,9 +198,7 @@
"vlan-devices" "vlan-devices"
"vlan-guests" "vlan-guests"
]; ];
to = [ to = [ "untrusted" ];
"untrusted"
];
masquerade = true; masquerade = true;
late = true; # Only accept after any rejects have been processed late = true; # Only accept after any rejects have been processed
verdict = "accept"; verdict = "accept";
@ -214,11 +216,16 @@
verdict = "accept"; verdict = "accept";
}; };
# Allow the scanner to access samba via SFTP
access-samba-sftp = {
from = [ "scanner-ads-4300n" ];
to = [ "samba" ];
allowedTCPPorts = [ 22 ];
};
# Allow devices in the home VLAN to talk to any of the services or home devices. # Allow devices in the home VLAN to talk to any of the services or home devices.
access-services = { access-services = {
from = [ from = [ "vlan-home" ];
"vlan-home"
];
to = [ to = [
"vlan-services" "vlan-services"
"vlan-devices" "vlan-devices"
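Review bot: The new `access-samba-sftp` rule opens TCP 22 from the scanner to the samba host, which is the SSH port as a whole, so whether the scanner is limited to file transfer depends on sshd configuration that is not visible in this commit. I would record that dependency next to the rule, e.g. `# Port 22 is sshd on the samba host: the scanner's account there must stay SFTP-only (ForceCommand internal-sftp, chroot, no forwarding).` The `scanner-ads-4300n` zone is defined purely by the host's IPv4/IPv6 address in the devices VLAN, which appears to come from a MAC-based reservation; any device on that VLAN that takes over the address or MAC would match the rule, so the samba side should not treat the source address as authentication. The `access-services` block continues past the end of the last hunk.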

Binary file not shown.