From 788ea5ad26f49a91bd47b869b1d57ba4f15a802a Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Fri, 6 Feb 2026 06:59:59 -0600
Subject: [PATCH] rules fixup
---
 hosts/vps/configuration.nix | 17 +++-------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/hosts/vps/configuration.nix b/hosts/vps/configuration.nix
index 91c8376..99e4aaa 100644
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -12,9 +12,6 @@ let
   wgGuestsSubnet = "${config.my.ips.wg-gs}/24";
   wgServerSubnet = "${config.my.ips.wg-vps}/24";
   wgFriend1 = config.my.ips.wg-friend1;
-  wgFriend2 = config.my.ips.wg-friend2;
-  wgFriend3 = config.my.ips.wg-friend3;
-  wgFriend4 = config.my.ips.wg-friend4;
   wgGuest1 = config.my.ips.wg-g1;
   giteaSshPort = 22;
   giteaSshPortStr = toString giteaSshPort;
@@ -65,7 +62,7 @@ in
   };
   nftables = {
     enable = true;
-    tables."vps-snat" = {
+    tables.vps-snat = {
       family = "ip";
       content = ''
         chain postrouting {
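Review bot: The `let` block still binds `wgFriend1`, `giteaSshPort` and `giteaSshPortStr` after this hunk, but every use of them visible in this patch is deleted in the third and fourth hunks (the per-peer Syncthing rules and the external-interface Gitea SSH forward). If nothing outside this diff references them they are dead bindings and belong with the removed friend2–4 lines, e.g. drop `wgFriend1 = config.my.ips.wg-friend1;`. If they are still consumed elsewhere, a one-line comment on `giteaSshPort = 22;` naming the rule that uses it would keep the next cleanup from removing it by mistake. The `tables."vps-snat"` → `tables.vps-snat` change in the second hunk is equivalent Nix and needs no further review.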
@@ -82,14 +79,8 @@ in
     allowedTCPPorts = [ sshPort ] ++ webPorts;
     allowedUDPPorts = [ wgPort ];
     extraForwardRules = ''
-      iifname "${wgInterface}" ip saddr ${wgFriend1}/32 ip daddr ${homeServer}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${wgFriend2}/32 ip daddr ${homeServer}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${wgFriend3}/32 ip daddr ${homeServer}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${wgFriend4}/32 ip daddr ${homeServer}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${homeServer}/32 ip daddr ${wgFriend1}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${homeServer}/32 ip daddr ${wgFriend2}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${homeServer}/32 ip daddr ${wgFriend3}/32 tcp dport ${syncthingPort} accept
-      iifname "${wgInterface}" ip saddr ${homeServer}/32 ip daddr ${wgFriend4}/32 tcp dport ${syncthingPort} accept
+      iifname "${wgInterface}" ip saddr ${wgFriendsSubnet} ip daddr ${homeServer}/32 tcp dport ${syncthingPort} accept
+      iifname "${wgInterface}" ip saddr ${homeServer}/32 ip daddr ${wgFriendsSubnet} tcp dport ${syncthingPort} accept
       iifname "${wgInterface}" ip saddr ${wgFriendsSubnet} ip daddr ${homeServer}/32 tcp dport { ${synapseClientPort}, ${synapseFederationPort}, ${syncplayPort} } accept
@@ -101,8 +92,6 @@ in
       iifname "${wgInterface}" ip saddr ${wgFriendsSubnet} oifname "${externalInterface}" accept
       iifname "${wgInterface}" ip saddr ${wgGuestsSubnet} oifname "${externalInterface}" accept
-      iifname "${externalInterface}" ip daddr ${homeServer}/32 tcp dport ${giteaSshPortStr} accept
- ip saddr ${wgFriendsSubnet} ip daddr ${wgServerSubnet} drop ip saddr ${wgServerSubnet} ip daddr ${wgFriendsSubnet} drop ip saddr ${wgGuestsSubnet} ip daddr ${wgServerSubnet} drop
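Review bot: The two replacement rules widen Syncthing access from four explicit /32 peers to the whole `${wgFriendsSubnet}` range in both directions, so any address that later falls inside that subnet — including every WireGuard peer added to it afterwards — reaches the home server's Syncthing port with no per-peer decision. If that is the intent, say so on the rule so the scope change is not mistaken for a simplification: `# any peer in the friends subnet may reach Syncthing on the home server (per-subnet, not per-peer)`. Because `extraForwardRules` is a Nix multi-line string, nothing evaluates this at build time; review is the only check. The trailing context of this hunk looks truncated in the collapsed listing, so the rule group may continue beyond what is shown.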
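Review bot: The forward accept for `iifname "${externalInterface}" ip daddr ${homeServer}/32 tcp dport ${giteaSshPortStr}` is removed in the fourth hunk while `giteaSshPort` and `giteaSshPortStr` stay bound in the `let` block (first hunk), so if a DNAT rule for that port toward the home server still exists elsewhere in the file, the translated packets will now be dropped by the forward chain instead of forwarded — confirm the DNAT went too, or remove the dead bindings. The second removed line of this hunk is ambiguous in the collapsed listing: it is either an empty line or the `ip saddr ${wgFriendsSubnet} ip daddr ${wgServerSubnet} drop` rule. If it is the latter, friend peers lose the explicit drop toward the server subnet while the symmetric `ip saddr ${wgServerSubnet} ip daddr ${wgFriendsSubnet} drop` stays, which should be stated in the commit message rather than folded into a "fixup". The rule set continues past the end of the hunk.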