From 4e73bdb0dc37c56fa0bc1481f6fb8a28194ab25b Mon Sep 17 00:00:00 2001
From: xunuwu <xunuwu@gmail.com>
Date: Thu, 11 Sep 2025 09:03:42 +0200
Subject: [PATCH] nebula bypass nixos firewall

---
 hosts/rackserv/profiles/nebula.nix | 2 +-
 sys/profiles/network/nebula.nix    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hosts/rackserv/profiles/nebula.nix b/hosts/rackserv/profiles/nebula.nix
index b6d3a75..24fa5d7 100644
--- a/hosts/rackserv/profiles/nebula.nix
+++ b/hosts/rackserv/profiles/nebula.nix
@@ -1,5 +1,5 @@
 {config, ...}: {
-  networking.firewall.allowedTCPPorts = [4343];
+  networking.firewall.allowedTCPPorts = [3131];
   services.nebula.networks.xunmesh = {
     enable = true;
     isLighthouse = true;
diff --git a/sys/profiles/network/nebula.nix b/sys/profiles/network/nebula.nix
index 72a0c71..9119428 100644
--- a/sys/profiles/network/nebula.nix
+++ b/sys/profiles/network/nebula.nix
@@ -30,4 +30,6 @@
       punchy.punch = true;
     };
   };
+
+  networking.firewall.trustedInterfaces = ["nebula.xunmesh"]; # bypass nixos firewall
 }