🔧 enable service access via zerotier

2025-03-25 17:25:36 +01:00 · 2025-03-25 17:25:36 +01:00 · 439912b50b
commit 439912b50b
parent b5555ac4b4
2 changed files with 8 additions and 1 deletions
--- a/machines/chungus/hass.nix
+++ b/machines/chungus/hass.nix
@ -2,6 +2,7 @@
  config,
  lib,
  pkgs,
+  zerotierInterface,
  ...
 }:
 {
@ -17,5 +18,6 @@

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
  networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ 8123 ];

 }
--- a/machines/chungus/service-paperless.nix
+++ b/machines/chungus/service-paperless.nix
@ -2,13 +2,15 @@
  config,
  pkgs,
  lib,
+  zerotierInterface,
  ...
 }:
 {

  services.paperless = {
    enable = true;
-    address = "0.0.0.0";
+    address = "[::]";
+    port = 28981;
    package = pkgs.paperless-ngx;
    settings = {
      PAPERLESS_OCR_LANGUAGE = "deu+eng";
@ -35,6 +37,9 @@
  };

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
+    config.services.paperless.port
+  ];

  services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
    serverAliases = [ "paperless.ingolf-wagner.de" ];