From c2328f08d04af87149bdd8e6b2eab01af4cf4b77 Mon Sep 17 00:00:00 2001
From: Johannes Rothe <mail@johannes-rothe.de>
Date: Wed, 26 Mar 2025 22:48:12 +0100
Subject: [PATCH] Trust tailscale interface and all containers

---
 hosts/dalinar/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hosts/dalinar/default.nix b/hosts/dalinar/default.nix
index a762fb6..790acd0 100644
--- a/hosts/dalinar/default.nix
+++ b/hosts/dalinar/default.nix
@@ -46,7 +46,8 @@
     firewall = {
       enable = true;
       allowedUDPPorts = [ 53 ];
-      allowedTCPPorts = [ 80 443];
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
     };
     # head -c4 /dev/urandom | od -A none -t x4
     # Required for ZFS, see https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
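Review bot: Adding `tailscale0` to `trustedInterfaces` makes the firewall accept every packet arriving on that interface, so the `allowedUDPPorts`/`allowedTCPPorts` lists just above no longer restrict tailnet peers and every service listening on this host becomes reachable from them. Access control for that path then rests entirely on the Tailscale ACL policy, which is not visible in this diff. If only specific services are meant to be reached over the tailnet, a per-interface allow-list keeps the default-deny posture, e.g. `interfaces."tailscale0".allowedTCPPorts = [ 22 ];` (port constructed as an example); otherwise a comment such as `# tailscale0 is fully trusted; exposure is governed by the tailnet ACLs` would record the decision. The enclosing block of the `firewall` attribute set starts before this hunk.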
@@ -271,7 +272,7 @@
 
   networking.nat = {
     enable = true;
-    internalInterfaces = [ "ve-searx" ];
+    internalInterfaces = [ "ve-*" ];
     externalInterface = "eno1";
   };
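Review bot: The wildcard in `internalInterfaces = [ "ve-*" ];` is only treated as a pattern by the nftables backend; the iptables backend, which NixOS uses unless `networking.nftables.enable` is set, spells the wildcard `ve-+` and would most likely match `ve-*` as a literal interface name, leaving the containers without NAT. Which backend this host uses is not visible in the diff, so that should be confirmed. Separately, replacing the single `ve-searx` entry with a pattern gives every present and future container masqueraded egress through `eno1`. If some containers are meant to stay offline, list their interfaces explicitly; otherwise record the intent with a comment such as `# all ve-* containers get outbound NAT by design`.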