feat: allow services from home net

hosts/sire/guests/grafana.nix

@@ -146,8 +146,8 @@ in
           proxyWebsockets = true;
         };
         extraConfig = ''
-          allow ${globals.net.home-lan.vlans.services.cidrv4};
-          allow ${globals.net.home-lan.vlans.services.cidrv6};
+          allow ${globals.net.home-lan.vlans.home.cidrv4};
+          allow ${globals.net.home-lan.vlans.home.cidrv6};
           deny all;
         '';
       };

hosts/sire/guests/immich.nix

@@ -249,8 +249,8 @@ in
           proxy_read_timeout 600s;
           proxy_send_timeout 600s;
           send_timeout       600s;
-          allow ${globals.net.home-lan.vlans.services.cidrv4};
-          allow ${globals.net.home-lan.vlans.services.cidrv6};
+          allow ${globals.net.home-lan.vlans.home.cidrv4};
+          allow ${globals.net.home-lan.vlans.home.cidrv6};
           deny all;
         '';
       };

hosts/sire/guests/paperless.nix

@@ -79,8 +79,8 @@ in
         useACMEWildcardHost = true;
         extraConfig = ''
           client_max_body_size 512M;
-          allow ${globals.net.home-lan.vlans.services.cidrv4};
-          allow ${globals.net.home-lan.vlans.services.cidrv6};
+          allow ${globals.net.home-lan.vlans.home.cidrv4};
+          allow ${globals.net.home-lan.vlans.home.cidrv6};
           deny all;
         '';
         locations."/" = {

hosts/sire/guests/samba.nix

@@ -179,8 +179,10 @@ in
             # Deny access to all hosts by default.
             "hosts deny" = "0.0.0.0/0";
             # Allow access to local network and TODO: wireguard
-            "hosts allow" =
-              "${globals.net.home-lan.vlans.services.cidrv4} ${globals.net.home-lan.vlans.services.cidrv6}";
+            "hosts allow" = lib.concatStringsSep " " [
+              globals.net.home-lan.vlans.home.cidrv4
+              globals.net.home-lan.vlans.home.cidrv6
+            ];
             # Don't advertise inaccessible shares to users
             "access based share enum" = "yes";