From 41f717c5be835aa65a0380e7c5b135fed6b6b5b2 Mon Sep 17 00:00:00 2001
From: Natsu Kagami
Date: Fri, 16 Aug 2024 15:02:25 +0200
Subject: [PATCH] Properly configure firewall to allow tinc to pass through

---
 modules/my-tinc/default.nix            | 5 +++++
 modules/services/nix-cache/default.nix | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/modules/my-tinc/default.nix b/modules/my-tinc/default.nix
index d4c3e1a..1b89ae2 100644
--- a/modules/my-tinc/default.nix
+++ b/modules/my-tinc/default.nix
@@ -78,6 +78,11 @@ in
   # firewall
   networking.firewall.allowedUDPPorts = [ 655 ];
   networking.firewall.allowedTCPPorts = [ 655 ];
+  networking.firewall.interfaces."tinc.${networkName}" = {
+    allowedUDPPortRanges = [{ from = 0; to = 65535; }];
+    allowedTCPPortRanges = [{ from = 0; to = 65535; }];
+  };
+
   # configure tinc service
   # ----------------------
diff --git a/modules/services/nix-cache/default.nix b/modules/services/nix-cache/default.nix
index 7014f3f..218ad4f 100644
--- a/modules/services/nix-cache/default.nix
+++ b/modules/services/nix-cache/default.nix
@@ -31,7 +31,7 @@ in
   config = {
     nix.settings = mkIf cfg.enableClient {
-      substituters = [ cfg.host ];
+      substituters = [ "http://${cfg.host}" ];
       trusted-public-keys = [ cfg.publicKey ];
     };
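Review bot: The two `from = 0; to = 65535;` ranges added on `tinc.${networkName}` make the host firewall pass every TCP and UDP port arriving over the VPN interface, so any node that can join the tinc mesh reaches every listening service on this machine and a single compromised peer is no longer contained by the firewall. If that trust is intended, `networking.firewall.trustedInterfaces = [ "tinc.${networkName}" ];` expresses it in one line and reads as the deliberate decision it is; if it is not, list only the ports the mesh actually needs on this interface (the nix-cache endpoint touched by the second file is the visible candidate). Either way, a comment such as `# every tinc peer is fully trusted on this interface; the 655 rules above only gate the tunnel itself` above the new block would stop the next reader from assuming the port-655 rules still bound what the VPN exposes. The enclosing attribute set starts and ends outside the hunk.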