feat: setup rule to allow access from wan

2025-04-28 10:06:05 +02:00 · 2025-04-28 10:06:05 +02:00 · 7021603e4e
commit 7021603e4e
parent 74cd7c4859
2 changed files with 9 additions and 1 deletions
--- a/modules/cloonar-assistant/default.nix
+++ b/modules/cloonar-assistant/default.nix
@ -57,6 +57,11 @@ let
  
 in {
  options.cloonar-assistant = {
+    setup = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable access from Wan to Setup";
+    };
    networkPrefix = lib.mkOption {
      type = lib.types.str;
      example = "10.42";
@ -165,6 +170,6 @@ in {
    ./networking
    ./updns
    ./home-assistant
-    ./multiroom-audio
+    # ./multiroom-audio
  ];
 }
--- a/modules/cloonar-assistant/networking/firewall.nix
+++ b/modules/cloonar-assistant/networking/firewall.nix
@ -34,6 +34,9 @@ in {
            chain input-allow {
              udp dport != { 53, 5353 } ct state new limit rate over 1/second burst 10 packets drop comment "rate limit for new connections"
              iifname lo accept
+              ${lib.optionalString config.cloonar-assistant.setup ''
+                iifname "wan" accept
+              ''}
              ${lib.optionalString config.cloonar-assistant.vpn.enable ''
                iifname "wan" udp dport 51820 counter accept comment "Wireguard traffic"
              ''}