diff --git a/hosts/sausebiene/home-assistant.nix b/hosts/sausebiene/home-assistant.nix index 8096e38..b99d3fc 100644 --- a/hosts/sausebiene/home-assistant.nix +++ b/hosts/sausebiene/home-assistant.nix @@ -33,6 +33,11 @@ in # network = "internet"; # }; + services.matter-server = { + enable = true; + logLevel = "debug"; + }; + topology.self.services.home-assistant.info = "https://${homeassistantDomain}"; services.home-assistant = { enable = true; @@ -226,6 +231,8 @@ in extraConfig = '' allow ${globals.net.home-lan.vlans.home.cidrv4}; allow ${globals.net.home-lan.vlans.home.cidrv6}; + allow ${globals.net.home-lan.vlans.devices.cidrv4}; + allow ${globals.net.home-lan.vlans.devices.cidrv6}; deny all; ''; }; diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index aafc5c2..a45039b 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix @@ -171,6 +171,8 @@ proxy-home.interfaces = [ "proxy-home" ]; adguardhome.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4 ]; adguardhome.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv6 ]; + web-proxy.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv4 ]; + web-proxy.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.ward-web-proxy.ipv6 ]; samba.ipv4Addresses = [ globals.net.home-lan.vlans.services.hosts.sire-samba.ipv4 ]; samba.ipv6Addresses = [ globals.net.home-lan.vlans.services.hosts.sire-samba.ipv6 ]; scanner-ads-4300n.ipv4Addresses = [ @@ -212,6 +214,20 @@ verdict = "accept"; }; + # Allow access to the web proxy from the devices VLAN + access-web-proxy = { + from = [ + "vlan-devices" + ]; + to = [ "web-proxy" ]; + allowedTCPPorts = [ + 80 + 443 + ]; + allowedUDPPorts = [ 443 ]; + verdict = "accept"; + }; + # Allow the scanner to access samba via SFTP access-samba-sftp = { from = [ "scanner-ads-4300n" ];