Cloonar/cloonar-assistant
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: setup rule to allow access from wan

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-04-28 10:06:05 +02:00
parent 74cd7c4859
commit 7021603e4e
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/cloonar-assistant/default.nix
View File

@@ -57,6 +57,11 @@ let
in { in {
options.cloonar-assistant = { options.cloonar-assistant = {
setup = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable access from Wan to Setup";
};
networkPrefix = lib.mkOption { networkPrefix = lib.mkOption {
type = lib.types.str; type = lib.types.str;
example = "10.42"; example = "10.42";
@@ -165,6 +170,6 @@ in {
./networking ./networking
./updns ./updns
./home-assistant ./home-assistant
./multiroom-audio # ./multiroom-audio
]; ];
} }

3
modules/cloonar-assistant/networking/firewall.nix
View File

@@ -34,6 +34,9 @@ in {
chain input-allow { chain input-allow {
udp dport != { 53, 5353 } ct state new limit rate over 1/second burst 10 packets drop comment "rate limit for new connections" udp dport != { 53, 5353 } ct state new limit rate over 1/second burst 10 packets drop comment "rate limit for new connections"
iifname lo accept iifname lo accept
${lib.optionalString config.cloonar-assistant.setup ''
iifname "wan" accept
''}
${lib.optionalString config.cloonar-assistant.vpn.enable '' ${lib.optionalString config.cloonar-assistant.vpn.enable ''
iifname "wan" udp dport 51820 counter accept comment "Wireguard traffic" iifname "wan" udp dport 51820 counter accept comment "Wireguard traffic"
''} ''}