forked from mirrors_public/oddlama_nix-config
feat: allow services from home net
parent
37bf3d0db7
commit
23e21f4145
7 changed files with 29 additions and 13 deletions
|
@ -70,8 +70,8 @@ in
|
|||
# is over TLS.
|
||||
extraConfig = ''
|
||||
proxy_ssl_verify off;
|
||||
allow ${globals.net.home-lan.vlans.services.cidrv4};
|
||||
allow ${globals.net.home-lan.vlans.services.cidrv6};
|
||||
allow ${globals.net.home-lan.vlans.home.cidrv4};
|
||||
allow ${globals.net.home-lan.vlans.home.cidrv6};
|
||||
deny all;
|
||||
'';
|
||||
};
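Review bot: The `allow`/`deny all;` list in `extraConfig` matches on the peer address nginx sees, so it only enforces a home-VLAN restriction if clients reach this vhost without an intermediate proxy or source NAT; the hunk does not show this, so it is worth confirming. The hunk header counts (8 old, 8 new over ten printed lines) imply two of the four `allow` lines are replaced, presumably the services-VLAN pair, which would return 403 to any host in the services VLAN that still calls this vhost. A short nginx comment above the list, e.g. `# Only home VLAN clients may connect; every other source is denied`, would record the intent next to the rule. The attribute set that contains this `extraConfig` begins outside the hunk.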
|
||||
|
|
|
@ -214,13 +214,27 @@
|
|||
verdict = "accept";
|
||||
};
|
||||
|
||||
# Allow devices in the home VLAN to talk to any of the services or home devices.
|
||||
access-services = {
|
||||
from = [
|
||||
"vlan-home"
|
||||
];
|
||||
to = [
|
||||
"vlan-services"
|
||||
"vlan-devices"
|
||||
];
|
||||
late = true;
|
||||
verdict = "accept";
|
||||
};
|
||||
|
||||
# Allow the services VLAN to talk to our wireguard server
|
||||
services-to-local = {
|
||||
from = [ "vlan-services" ];
|
||||
to = [ "local" ];
|
||||
allowedUDPPorts = [ config.wireguard.proxy-home.server.port ];
|
||||
};
|
||||
|
||||
# Forward traffic between participants
|
||||
# Forward traffic between wireguard participants
|
||||
forward-proxy-home-vpn-traffic = {
|
||||
from = [ "proxy-home" ];
|
||||
to = [ "proxy-home" ];
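Review bot: `access-services` accepts every protocol and port from `vlan-home` into both `vlan-services` and `vlan-devices`, so a single compromised home-VLAN host gets unrestricted network reach into both segments. If only particular services need to be reachable, the rule could list `allowedTCPPorts`/`allowedUDPPorts`, as `services-to-local` below does, instead of a blanket `verdict = "accept";`. The rule name mentions only services although `to` also contains `"vlan-devices"`, and `late = true;` has no explanation; a comment such as `# late: more specific rules for these zones are evaluated first` would help, if that is the intent. The enclosing rules attribute set starts before the hunk and `forward-proxy-home-vpn-traffic` continues past it.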
|
||||
|
|