From 1a8b47032fe63f3956321a346968d5188541daa5 Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Sun, 3 Sep 2023 16:10:12 +0800
Subject: [PATCH] nebula: add nebula.nebula to trustedInterfaces

---
 modules/system/networking/nebula/default.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/system/networking/nebula/default.nix b/modules/system/networking/nebula/default.nix
index f6719bb9..149ee176 100644
--- a/modules/system/networking/nebula/default.nix
+++ b/modules/system/networking/nebula/default.nix
@@ -46,10 +46,7 @@ inputs:
         };
         secrets."nebula/key" = {};
       };
-      networking.firewall = if nebula.lighthouse != null then {} else
-      {
-        allowedTCPPorts = [ 4242 ];
-        allowedUDPPorts = [ 4242 ];
-      };
+      networking.firewall = { trustedInterfaces = [ "nebula.nebula" ]; }
+        // (if nebula.lighthouse != null then {} else { allowedTCPPorts = [ 4242 ]; allowedUDPPorts = [ 4242 ]; });
     };
 }