diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix index a7508f5..70f7797 100644 --- a/hosts/fw.cloonar.com/modules/firewall.nix +++ b/hosts/fw.cloonar.com/modules/firewall.nix @@ -175,8 +175,6 @@ # multimedia airplay iifname "multimedia" oifname { "lan" } counter accept - # iifname { "vb-*" } oifname { "server" } counter accept comment "from internal interfaces" - # lan and vpn to any # TODO: disable wan when finished iifname { "wan", "lan", "server", "vb-*", "podman0", "wg_cloonar" } oifname { "lan", "vb-*", "server", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept @@ -203,15 +201,10 @@ type nat hook prerouting priority filter; policy accept; } - chain post { - # iifname { "vb-*" } oifname { "server" } masquerade comment "from internal interfaces" - } - # Setup NAT masquerading on external interfaces chain postrouting { type nat hook postrouting priority filter; policy accept; oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade - # iifname { "vb-*" } oifname { "server" } masquerade comment "from internal interfaces" } } ''; diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix index 3d8be52..a0a9963 100644 --- a/hosts/fw.cloonar.com/modules/gitea.nix +++ b/hosts/fw.cloonar.com/modules/gitea.nix @@ -119,10 +119,11 @@ in config = { lib, config, pkgs, ... }: { networking = { # hostName = "gitea"; - interfaces.mv-vserver.useDHCP = true; - # interfaces.mv-vserver = { - # ipv4.addresses = [ { address = "10.42.97.2"; prefixLength = 24; } ]; - # }; + # interfaces.mv-vserver.useDHCP = true; + interfaces.mv-vserver = { + useDHCP = true; + ipv4.addresses = [ { address = "10.42.97.2"; prefixLength = 24; } ]; + }; # firewall = { # enable = true; # allowedTCPPorts = [ 22 80 443 ];
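Review bot: The new `interfaces.mv-vserver` block in gitea.nix sets `useDHCP = true` together with a static `10.42.97.2/24`, so the container can hold two addresses on that interface and the source address of its outbound connections depends on which one the kernel selects. Any firewall rule or allowlist keyed on 10.42.97.2 would then not match traffic sourced from the leased address; this is an inference, since the DHCP range and the rules that reference this host are not visible here. If DHCP is kept only for the default route and DNS, record that next to the setting, e.g. `# DHCP supplies route/DNS; 10.42.97.2 is the address firewall rules reference`; otherwise drop `useDHCP` and configure the gateway explicitly. The newly commented-out `# interfaces.mv-vserver.useDHCP = true;` line duplicates the live setting and can be deleted rather than kept as dead config. The `networking` block starts before and continues past this hunk, so whether the container's own `firewall` stays commented out cannot be judged from here.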