gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(nftables): local firewall

Browse source
This commit is contained in:
arcnmx 2024-01-31 13:28:21 -08:00
parent 6dc06a746a
commit a283b4bf9a
9 changed files with 167 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/nixos/home-assistant.nix
View file

@ -44,17 +44,24 @@ in {
};
config = {
networking.firewall = mkIf cfg.enable {
allowedTCPPorts = mkIf (cfg.homekit.enable && cfg.homekit.openFirewall) (
networking.firewall = let
homekitTcp = mkIf cfg.homekit.enable (
map ({ port, ... }: port) cfg.config.homekit or [ ]
);
allowedUDPPortRanges = [
(mkIf (cfg.cast.enable && cfg.cast.openFirewall) {
castUdpRanges = mkIf cfg.cast.enable [
{
from = 32768;
to = 60999;
})
}
];
in mkIf cfg.enable {
interfaces.local = {
allowedTCPPorts = mkIf (!cfg.homekit.openFirewall) homekitTcp;
allowedUDPPortRanges = mkIf (!cfg.cast.openFirewall) castUdpRanges;
};
allowedTCPPorts = mkIf cfg.homekit.openFirewall homekitTcp;
allowedUDPPortRanges = mkIf cfg.cast.openFirewall castUdpRanges;
};
# MDNS