diff --git a/hosts/h003/mods/networking.nix b/hosts/h003/mods/networking.nix
index 6fa5e56..3a547c6 100644
--- a/hosts/h003/mods/networking.nix
+++ b/hosts/h003/mods/networking.nix
@@ -110,9 +110,17 @@
 };
 vlan10 = {
- # Block all WAN
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ ];
+ allowedTCPPorts = [
+ 22 # SSH (for remote admin access)
+ 53 # DNS
+ 80
+ 443 # HTTP
+ ];
+ allowedUDPPorts = [
+ 53 # DNS
+ 67 # DHCP server
+ 68
+ ];
 };
 # LAN interface (VLAN 20) - FULL SERVICE
@@ -129,21 +137,6 @@
 68 # DHCP client responses
 ];
 };
-
- # NOTE check this...
- vlan10 = {
- allowedTCPPorts = [
- 22 # SSH (for remote admin access)
- 53 # DNS
- 80
- 443 # HTTP
- ];
- allowedUDPPorts = [
- 53 # DNS
- 67 # DHCP server
- 68
- ];
- };
 };
 };
@@ -164,8 +157,8 @@
 settings = {
 # Listen only on LAN interface
 interface = [
- "vlan20"
 "vlan10"
+ "vlan20"
 ];
 bind-interfaces = true;
@@ -174,6 +167,13 @@
 # Note in Ad GuardHome in DNS Settings add localhost:9053 to Private reverse DNS servers and enable them
 listen-address = "127.0.0.1";
 port = 9053;
+ host-record = [
+ "media.joshuabell.xyz,10.12.14.10"
+ "jellyfin.joshuabell.xyz,10.12.14.10"
+ ];
+ address = [
+ "/h001.local.joshuabell.xyz/10.12.14.10"
+ ];
 # DHCP range and settings
 dhcp-range = [
@@ -206,8 +206,8 @@
 enable-ra = lib.mkIf config.networking.enableIPv6 true;
 # interface, min interval, max interval
 ra-param = lib.mkIf config.networking.enableIPv6 [
- "vlan20,60,120"
 "vlan10,60,120"
+ "vlan20,60,120"
 ];
 # DNS settings (not needed since we use adguard for dns)
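Review bot: The `vlan10` block now accepts TCP 22, 80 and 443 where the removed lines had empty port lists under `# Block all WAN`, and nothing in the new block says what trust level vlan10 has or why it needs admin access. The `# NOTE check this...` marker deleted in the next hunk suggests this port set was still unreviewed, so the outcome of that check should be recorded rather than just dropped. I would add a header comment such as `# VLAN 10 - <role>; SSH reachable from <admin source> only`, and remove `22` if vlan10 is less trusted than vlan20. UDP `68` is the DHCP client port and a DHCP server only needs `67` inbound, so it can probably go unless this host is also a DHCP client on vlan10. The enclosing interfaces attrset starts outside the hunk.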
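Review bot: The new `address` entry is a wildcard, while the two `host-record` entries are exact names, and the hunk does not document the difference. In dnsmasq `address=/h001.local.joshuabell.xyz/10.12.14.10` answers for that name and every subdomain beneath it. A comment such as `# address=/domain/ip also matches all subdomains; host-record is exact-name (and adds the PTR)` would make it clear whether the wildcard is intended. Since dnsmasq is bound to both `vlan10` and `vlan20`, clients on both VLANs will be steered to 10.12.14.10 for the public `media` and `jellyfin` names, so it is worth confirming that the firewall and forwarding rules for vlan10 match that intent. The literal `10.12.14.10` appears three times; binding it once (for example `h001Ip = "10.12.14.10";` in a `let`) avoids the records drifting apart. The `settings` attrset opens and closes outside this hunk.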