From ed14fb9b0e794109e78246bde39618ed9a380971 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Mon, 4 Dec 2023 11:33:51 +0100 Subject: [PATCH] try to change fw --- hosts/fw.cloonar.com/modules/firewall.nix | 4 ++-- hosts/fw.cloonar.com/modules/gitea.nix | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix index bf998af..da111fd 100644 --- a/hosts/fw.cloonar.com/modules/firewall.nix +++ b/hosts/fw.cloonar.com/modules/firewall.nix @@ -172,13 +172,13 @@ # multimedia airplay iifname "multimedia" oifname { "lan" } counter accept + iifname { "vb-*" } oifname { "server" } counter accept comment "from internal interfaces" + # lan and vpn to any # TODO: disable wan when finished iifname { "wan", "lan", "vb-*", "podman0", "wg_cloonar" } oifname { "lan", "vb-*", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept - iifname { "vb-*" } oifname { "server" } counter accept comment "from internal interfaces" - # Allow trusted network WAN access iifname { "lan", diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix index 52adf7d..09db17f 100644 --- a/hosts/fw.cloonar.com/modules/gitea.nix +++ b/hosts/fw.cloonar.com/modules/gitea.nix @@ -98,6 +98,7 @@ in # }; containers.gitea = { + extraFlags = [ "-U" ]; autoStart = true; ephemeral = true; # macvlans = [ "vserver" ];
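Review bot: Moving the `iifname { "vb-*" } oifname { "server" }` accept above the `# lan and vpn to any` rules should not change any verdict, because the rules it now precedes in this hunk all end in `counter accept` and none of them matches `oifname "server"`; only the counters move. If the reorder is meant to fix container reachability, the cause is more likely in a part of the chain outside this hunk, which starts and ends beyond it. The rule directly below still lists `"wan"` as an input interface under `TODO: disable wan when finished`, so forwarded traffic from the WAN side is accepted into `lan`, `infrastructure`, `smart` and the WireGuard interfaces; I would drop it in this change, `iifname { "lan", "vb-*", "podman0", "wg_cloonar" } oifname { … } counter accept`. `"vb-*"` also matches every present and future container interface with that prefix, so naming only the interfaces that need `server` would be tighter.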
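Review bot: `extraFlags = [ "-U" ];` in `containers.gitea` has no comment, yet it changes the container's isolation model: for systemd-nspawn, `-U` enables user namespacing with an automatically picked UID/GID range, so root inside the container no longer maps to root on the host. I would document that next to the flag, e.g. `# -U: systemd-nspawn private users; container UIDs map to an unprivileged host range`. Any bind-mounted state directories declared further down in this attribute set (outside the hunk) will then appear with shifted ownership, so it is worth confirming gitea can still read and write them after the change.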