feat: allow several discovery protocols in hass

oddlama 2025-01-26 18:02:17 +01:00
parent 0edc440f81
commit bb75070da9
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 38 additions and 12 deletions


@ -27,16 +27,4 @@
} }
]; ];
}; };
networking.nftables.firewall.rules = {
# Allow devices and iot VLANs to access the MQTT server
access-mqtt = {
from = [
"vlan-devices"
"vlan-iot"
];
to = [ "local" ];
allowedTCPPorts = [ 1883 ];
};
};
} }


@ -104,6 +104,44 @@ in
"vlan-${vlanName}".interfaces = [ "vlan-${vlanName}" ]; "vlan-${vlanName}".interfaces = [ "vlan-${vlanName}" ];
} }
); );
rules = {
# Allow devices to be discovered through various protocols
discovery-protocols = {
from = [
"vlan-home"
"vlan-devices"
"vlan-iot"
];
to = [ "local" ];
allowedUDPPorts = [
1900 # Simple Service Discovery Protocol, UPnP
];
allowedTCPPorts = [
40000 # UPnP HTTP
];
# HomeKit etc. may use random high-numbered ports.
# There's probably a better way to handle this
allowedUDPPortRanges = [
{
from = 30000;
to = 65535;
}
];
};
# Allow devices to access some local services
access-services = {
from = [
"vlan-devices"
"vlan-iot"
];
to = [ "local" ];
allowedTCPPorts = [
1883 # MQTT
];
};
};
}; };
wireguard.proxy-home.client.via = "ward"; wireguard.proxy-home.client.via = "ward";
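Review bot: The `allowedUDPPortRanges` entry in `discovery-protocols` opens UDP 30000–65535 on this host to `vlan-home`, `vlan-devices` and `vlan-iot`, so every UDP socket the host binds in that range is reachable from the IoT segment, not only discovery replies. If the range exists because unicast replies to a multicast discovery query are not matched by connection tracking (an assumption; the hunk does not say), a narrower option is to limit the wide range to the zone that needs it, or to pin the discovery client's source port and open only that port. At minimum, replace the "There's probably a better way" comment with one that records the exposure, e.g. `# WARNING: exposes all host UDP listeners in 30000-65535 to these zones; keep other services out of this range`. The enclosing attribute set opens above the hunk, so whether other rules already constrain these zones is not visible here.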