From 202966d58abb6cedbec13d438e2a31c0901abc59 Mon Sep 17 00:00:00 2001
From: cy
Date: Sat, 24 May 2025 15:01:30 -0400
Subject: [PATCH] fix firewall with vms
---
 hosts/common.nix | 2 +-
 hosts/ytnix/default.nix | 19 ++++++++-----------
 2 files changed, 9 insertions(+), 12 deletions(-)
diff --git a/hosts/common.nix b/hosts/common.nix
index fe6e1c6..c125822 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -39,7 +39,7 @@
 i18n.defaultLocale = "en_US.UTF-8";
 time.timeZone = "America/New_York";
 networking = {
- firewall.logRefusedConnections = false;
+ firewall.logRefusedConnections = true;
 nameservers = [
 # quad9 (unfiltered)
 "2620:fe::10"
diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix
index d669142..1cbc5c1 100644
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@@ -61,7 +61,10 @@
 enable = true;
 pkiBundle = "/var/lib/sbctl";
 };
- kernel.sysctl."kernel.sysrq" = 1;
+ kernel.sysctl = {
+ "kernel.sysrq" = 1;
+ # "net.ipv4.ip_forward" = 1;
+ };
 binfmt.emulatedSystems = [ "aarch64-linux" ];
 };
@@ -90,13 +93,7 @@
 enable = true;
 trustedInterfaces = [
 "tailscale0"
- "virbr0"
 ];
- # allowedTCPPorts = [
- # 8080 # mitmproxy
- # 22000 # syncthing
- # 3003 # immich-ml
- # ];
 };
 hosts = {
 "100.122.132.30" = [ "s3.cy7.sh" ];
@@ -277,10 +274,10 @@
 enable = true;
 qemu.vhostUserPackages = with pkgs; [ virtiofsd ];
 };
- virtualisation.vmware.host = {
- enable = true;
- package = pkgs.vmware-workstation;
- };
+ # virtualisation.vmware.host = {
+ # enable = true;
+ # package = pkgs.vmware-workstation;
+ # };
 programs.virt-manager.enable = true;
 my.containerization.enable = true;
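Review bot: `firewall.logRefusedConnections = true;` is set in hosts/common.nix, so it presumably takes effect on every host that imports this file, not only the machine with the VMs named in the subject. On an exposed host, refused incoming connections are then written to the kernel log, which can crowd out other journal entries. If this was switched on to debug the VM firewall problem, I would either move it to hosts/ytnix/default.nix or keep it here with a comment such as `# keep refused-connection logs for troubleshooting and scan visibility`. The `networking` attribute set continues outside the hunk.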
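Review bot: `"kernel.sysrq" = 1;` is carried over unchanged into the new `kernel.sysctl` set in hosts/ytnix/default.nix, and the value 1 enables every SysRq function, including process signalling and debug dumps, for anyone at the keyboard. The `pkiBundle = "/var/lib/sbctl"` just above suggests this host uses Secure Boot, so physical-access hardening looks like a goal; a bitmask limited to what is actually used, for example `"kernel.sysrq" = 176; # sync, remount read-only, reboot`, would fit that better. The commented-out `# "net.ipv4.ip_forward" = 1;` should either be dropped or carry a one-line reason, since it changes whether the host forwards packets between interfaces; the same applies to the commented-out vmware block in the last hunk. The enclosing attribute set starts and ends outside the hunk.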