peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

architect: Enable c2c for Francesco

Browse Source
This commit is contained in:
Giulio De Pasquale 2023-03-28 18:07:53 +02:00
parent b57c039f70
commit 1bb71f7466
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/architect/firewall.nix
View File

@ -132,12 +132,17 @@ in
chain FORWARD { chain FORWARD {
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;
ct state established,related accept ct state established,related accept
# client to client
ip saddr {${lib.concatStringsSep "," c2c-wg}} ip daddr {${
lib.concatStringsSep "," c2c-wg
}} accept
# nat to wan # nat to wan
oifname ${wan-if} ip saddr {${ oifname ${wan-if} ip saddr {${
lib.concatStringsSep "," towan-wg lib.concatStringsSep "," towan-wg
}} accept }} accept
oifname ${wan-if} ip saddr ${docker-net} accept oifname ${wan-if} ip saddr ${docker-net} accept
oifname ${wan-if} ip saddr ${tailscale-net} accept oifname ${wan-if} ip saddr ${tailscale-net} accept

3
hosts/architect/network.nix
View File

@ -56,7 +56,8 @@ rec {
dodino-ts = "100.106.244.35"; dodino-ts = "100.106.244.35";
framecca-devices = [ framecca-wg framecca_one-wg framecca_three-wg framecca_four-wg ]; framecca-devices = [ framecca-wg framecca_one-wg framecca_three-wg framecca_four-wg ];
c2c-wg = framecca-devices;
# groups # groups
gdevices = [ giuliophone-ts architect-ts giuliopc-ts dodino-ts ]; gdevices = [ giuliophone-ts architect-ts giuliopc-ts dodino-ts ];
towan-wg = [ shield-wg parina-wg parina-ipad-wg germano-wg ] ++ framecca-devices; towan-wg = [ shield-wg parina-wg parina-ipad-wg germano-wg ] ++ framecca-devices;