From 161f26b3f320e794fd07828974aa403ade35c34c Mon Sep 17 00:00:00 2001
From: Daniel Patterson <me@danielpatterson.dev>
Date: Tue, 26 Apr 2022 02:40:32 +0100
Subject: [PATCH] Expose firewall port and chat redirect

---
 hosts/dingserver/caddy.nix         |  3 +++
 hosts/dingserver/configuration.nix | 12 ++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/hosts/dingserver/caddy.nix b/hosts/dingserver/caddy.nix
index 3486d40..75f3989 100644
--- a/hosts/dingserver/caddy.nix
+++ b/hosts/dingserver/caddy.nix
@@ -25,8 +25,11 @@
         extraConfig = ''
           header /.well-known/* "Access-Control-Allow-Origin" "*"
           respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}"
+
           reverse_proxy /_matrix/* http://localhost:8008
           reverse_proxy /_synapse/client/* http://localhost:8008
+
+          redir / https://chat.broccoli.town
         '';
       };
 
diff --git a/hosts/dingserver/configuration.nix b/hosts/dingserver/configuration.nix
index a82e76c..92421bc 100644
--- a/hosts/dingserver/configuration.nix
+++ b/hosts/dingserver/configuration.nix
@@ -22,8 +22,16 @@
   boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
 
-  networking.hostName = "dingserver";
-  networking.interfaces.ens3.useDHCP = true;
+  networking = {
+    hostName = "dingserver";
+    interfaces.ens3.useDHCP = true;
+
+    firewall.interfaces = {
+      "tailscale0" = {
+        allowedUDPPorts = [ 41641 ];
+      };
+    };
+  };
 
   environment.systemPackages = with pkgs; [
     helix