From 3f7be3fe1ea6968219def0cc0dfcdd57d02320a8 Mon Sep 17 00:00:00 2001
From: Sven Slootweg <admin@cryto.net>
Date: Thu, 21 Jun 2018 00:37:15 +0200
Subject: [PATCH] Add internal VPN interface to trusted interfaces

---
 lib/tinc/default.nix | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/lib/tinc/default.nix b/lib/tinc/default.nix
index 00ef8c4..8dfdcbe 100644
--- a/lib/tinc/default.nix
+++ b/lib/tinc/default.nix
@@ -36,11 +36,15 @@ networkConfiguration:
 					prefixLength = 24;
 				}];
 
-				networking.firewall.allowedTCPPorts = [
-					655
-				];
-
-				networking.firewall.allowedUDPPorts = [
-					655
-				];
+				networking.firewall = {
+					allowedTCPPorts = [
+						655
+					];
+					allowedUDPPorts = [
+						655
+					];
+					trustedInterfaces = [
+						"tinc.cryto"
+					];
+				};
 			}