From 7bb25e5d7a1f66dce2f50389bb3ce9bdc5eaab38 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Tue, 21 May 2024 01:10:07 +0200
Subject: [PATCH] fix: missing firewall zone was dropping associated config
---
 hosts/ward/net.nix | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix
index 03b1134..e190ae4 100644
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@@ -10,7 +10,22 @@ in {

 boot.initrd.systemd.network = {
 enable = true;
- networks = {inherit (config.systemd.network.networks) "10-wan";};
+ networks = {
+ inherit (config.systemd.network.networks) "10-wan";
+ "20-lan" = {
+ address = [
+ (lib.net.cidr.hostCidr 1 lanCidrv4)
+ (lib.net.cidr.hostCidr 1 lanCidrv6)
+ ];
+ matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac;
+ networkConfig = {
+ IPForward = "yes";
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
 };

 # Create a MACVTAP for ourselves too, so that we can communicate with
@@ -95,6 +110,7 @@ in {
 zones = {
 untrusted.interfaces = ["wan"];
 lan.interfaces = ["lan-self"];
+ proxy-home.interfaces = ["proxy-home"];
 };

 rules = {
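Review bot: `IPForward = "yes";` in the new initrd `"20-lan"` network turns on packet forwarding during stage 1, and nothing in this hunk shows a packet filter being loaded in the initrd. If the firewall is only applied after switch-root (the firewall configuration is outside this hunk, so this is an inference), the host would route between `10-wan` and `20-lan` unfiltered for as long as it sits in the initrd. Unless early forwarding is required, I would drop that line and `MulticastDNS = true;` from the initrd copy and keep only `address`, `matchConfig` and `linkConfig`; otherwise add a comment stating why forwarding is needed before the ruleset is active. The commit subject only mentions the firewall zone, so this initrd change deserves its own line in the description.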
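Review bot: The `proxy-home` zone added under `zones` fixes one instance, but per the commit subject the configuration associated with the missing zone was dropped without any error, which for a firewall is a silent policy gap. The module that consumes `zones` and `rules` is outside this hunk; if it allows it, an eval-time assertion that every zone named in a rule is declared would turn this into a build failure instead. At minimum a comment on the new line, e.g. `# zone must exist, otherwise rules referencing proxy-home are silently dropped`, would record why it is here.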