Trust tailscale interface and all containers

2025-03-26 22:48:12 +01:00 · 2025-03-26 22:48:12 +01:00 · c2328f08d0
commit c2328f08d0
parent 896331cefb
1 changed files with 3 additions and 2 deletions
--- a/hosts/dalinar/default.nix
+++ b/hosts/dalinar/default.nix
@ -46,7 +46,8 @@
    firewall = {
      enable = true;
      allowedUDPPorts = [ 53 ];
-      allowedTCPPorts = [ 80 443];
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
    };
    # head -c4 /dev/urandom | od -A none -t x4
    # Required for ZFS, see https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
@ -271,7 +272,7 @@

  networking.nat = {
    enable = true;
-    internalInterfaces = [ "ve-searx" ];
+    internalInterfaces = [ "ve-*" ];
    externalInterface = "eno1";
  };