From d35ded419e3d4aaed6e5c83468a6e25ebc84ff41 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Tue, 5 Aug 2025 21:48:15 +0200
Subject: [PATCH] feat: open all ports on 40gbit nic as its a local link
---
 hosts/dandelion/default.nix | 39 +++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix
index 70aae74..511be93 100644
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@@ -16,8 +16,6 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups
 ];
- networking.hostName = "dandelion";
-
 liv.server.enable = true;
 nixpkgs.config.permittedInsecurePackages = [
@@ -27,8 +25,34 @@
 time.timeZone = "Europe/Amsterdam";
+ networking = {
+ hostName = "dandelion";
+ firewall = {
+ allowedTCPPorts = [
+ 5201
+ ];
+ allowedUDPPorts = [
+ 5201
+ ];
+ interfaces."ens4s1".allowedTCPPorts = [
+ # allow everything for local link
+ {
+ from = 1;
+ to = 65354;
+ }
+ ];
+ interfaces."ens4s1".allowedUDPPorts = [
+ # allow everything for local link
+ {
+ from = 1;
+ to = 65354;
+ }
+ ];
+ };
+ };
+
 systemd.network.networks."99-local" = {
- matchConfig.name = "ens3s1";
+ matchConfig.name = "ens4s1";
 address = [
 "192.168.1.100/24"
 ];
@@ -40,15 +64,6 @@
 ];
 };
- networking.firewall = {
- allowedTCPPorts = [
- 5201
- ];
- allowedUDPPorts = [
- 5201
- ];
- };
-
 environment.systemPackages = with pkgs; [
 kitty.terminfo
 zfs
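Review bot: The two `interfaces."ens4s1"` entries in the added `networking.firewall` block put `{ from = 1; to = 65354; }` into `allowedTCPPorts` and `allowedUDPPorts`, but those options take plain port numbers. Ranges belong in `allowedTCPPortRanges` and `allowedUDPPortRanges`, so as written this most likely fails evaluation rather than opening the link. The upper bound `65354` also looks like a transposition of `65535`, which would leave ports 65355–65535 filtered despite the "allow everything" comment. If the intent is to trust the link entirely, `networking.firewall.trustedInterfaces = [ "ens4s1" ];` says so in one line. Either way, every service bound to a wildcard address becomes reachable from whatever is attached to ens4s1, so the comment should record what sits at the other end of the link. The global `5201` openings could move under the interface if they are only needed there.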