From 7021603e4e4cdae5e26920e17929dde09fddfaf5 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Mon, 28 Apr 2025 10:06:05 +0200
Subject: [PATCH] feat: setup rule to allow access from wan
---
 modules/cloonar-assistant/default.nix | 7 ++++++-
 modules/cloonar-assistant/networking/firewall.nix | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/modules/cloonar-assistant/default.nix b/modules/cloonar-assistant/default.nix
index 58f8008..b95c139 100644
--- a/modules/cloonar-assistant/default.nix
+++ b/modules/cloonar-assistant/default.nix
@@ -57,6 +57,11 @@ let
 in {
 options.cloonar-assistant = {
+ setup = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enable access from Wan to Setup";
+ };
 networkPrefix = lib.mkOption {
 type = lib.types.str;
 example = "10.42";
@@ -165,6 +170,6 @@ in {
 ./networking
 ./updns
 ./home-assistant
- ./multiroom-audio
+ # ./multiroom-audio
 ];
 }
diff --git a/modules/cloonar-assistant/networking/firewall.nix b/modules/cloonar-assistant/networking/firewall.nix
index 7af2733..959d7c4 100644
--- a/modules/cloonar-assistant/networking/firewall.nix
+++ b/modules/cloonar-assistant/networking/firewall.nix
@@ -34,6 +34,9 @@ in {
 chain input-allow {
 udp dport != { 53, 5353 } ct state new limit rate over 1/second burst 10 packets drop comment "rate limit for new connections"
 iifname lo accept
+ ${lib.optionalString config.cloonar-assistant.setup ''
+ iifname "wan" accept
+ ''}
 ${lib.optionalString config.cloonar-assistant.vpn.enable ''
 iifname "wan" udp dport 51820 counter accept comment "Wireguard traffic"
 ''}
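Review bot: The description on the new `setup` option does not tell an operator what enabling it does to the firewall; in this commit it gates an unconditional `iifname "wan" accept` in networking/firewall.nix. I would state that directly, e.g. `description = "Accept all inbound traffic on the wan interface while the device is being set up; turn off once setup is done.";`. If the option is meant to be temporary (inferred from its name), a `warnings` entry emitted while it is true would make a forgotten `setup = true` visible at rebuild time. The options block continues outside the hunk.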
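Review bot: The `./multiroom-audio` import is commented out with no reason given, and the commit subject only mentions the WAN setup rule. A reason next to it, e.g. `# ./multiroom-audio  # disabled: <reason>`, or a separate commit would keep the firewall change reviewable on its own. If any host configuration still sets options that module declared, evaluation would presumably fail, so that is worth checking before merge.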
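Review bot: The added `iifname "wan" accept` in `input-allow` matches every protocol and port arriving on wan, so while `setup` is true the input chain exposes every listening service on the host to the WAN side, not only the setup service. The only rule ahead of it in this hunk is the rate limit on new non-DNS UDP connections, and unlike the Wireguard rule below it carries no `counter` or `comment`. I would scope it to what setup needs and keep it observable, e.g. `iifname "wan" tcp dport SETUP_PORT counter accept comment "setup access from wan"` (SETUP_PORT is a placeholder; the page does not show the port), optionally with an `ip saddr` restriction to a known management range. The chain body continues outside the hunk, so later rules may matter here as well.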