architect: Enable c2c for Francesco

2023-03-28 18:07:53 +02:00 · 2023-03-28 18:07:53 +02:00 · 1bb71f7466
commit 1bb71f7466
parent b57c039f70
2 changed files with 8 additions and 2 deletions
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@ -132,12 +132,17 @@ in
          chain FORWARD {
            type filter hook forward priority filter; policy drop;
            ct state established,related accept
+
+            # client to client
+            ip saddr {${lib.concatStringsSep "," c2c-wg}} ip daddr {${
+               lib.concatStringsSep "," c2c-wg
+            }} accept                    
                    
            # nat to wan
            oifname ${wan-if} ip saddr {${
              lib.concatStringsSep "," towan-wg
            }} accept
-                    
+
            oifname ${wan-if} ip saddr ${docker-net} accept
            oifname ${wan-if} ip saddr ${tailscale-net} accept
                    
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@ -56,7 +56,8 @@ rec {
  dodino-ts = "100.106.244.35";

  framecca-devices = [ framecca-wg framecca_one-wg framecca_three-wg framecca_four-wg ];
-
+  c2c-wg = framecca-devices;
+  
  # groups
  gdevices = [ giuliophone-ts architect-ts giuliopc-ts dodino-ts ];
  towan-wg = [ shield-wg parina-wg parina-ipad-wg germano-wg ] ++ framecca-devices;