config/basic/net.nix

@@ -5,6 +5,7 @@
 }:
 {
   networking = {
+    search = [ "local" ];
     useNetworkd = true;
     dhcpcd.enable = false;
     useDHCP = false;
@@ -41,4 +42,5 @@
       MulticastDNS=true
     '';
   };
+
 }

config/services/hostapd.nix

@@ -16,9 +16,7 @@
     intel2200BGFirmware
   ];
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-  networking.nftables.firewall.zones.untrusted.interfaces = [
-    "lan-home"
-  ];
+  networking.nftables.firewall.zones.untrusted.interfaces = [ "lan-services" ];
   hardware.wirelessRegulatoryDatabase = true;
   # systemd.network = {
   #   netdevs."40-wifi-home" = {
@@ -42,15 +40,15 @@
   #   };
   # };
 
-  # networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
-  # networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];
+  networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
+  networking.nftables.firewall.zones.home.interfaces = [ "lan-home" ];
   networking.nftables.firewall.rules.wifi-forward = {
     from = [ "wlan" ];
-    to = [ "home" ];
+    to = [ "lan-home" ];
     verdict = "accept";
   };
   systemd.network.networks."40-wifi" = {
-    matchConfig.Name = "wlan1";
+    matchConfig.Name = "lan-home";
     address = [
       (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv4)
       (lib.net.cidr.hostCidr (globals.services.hostapd.ip + 1) globals.net.vlans.home.cidrv6)

hosts/nucnix/guests.nix

@@ -112,8 +112,9 @@ in
     // mkContainer "nginx" { }
     // mkMicrovm "hostapd" {
       vlans = [
-        # "guests"
+        "guests"
         "home"
+        "services"
       ];
     };
 }

hosts/nucnix/mdns.nix

@@ -8,12 +8,6 @@ let
   cfg = {
     interfaces = "lan-.*";
     rules = [
-      {
-        from = ".*";
-        to = "lan-home";
-        allow_questions = "";
-        allow_answers = ".*";
-      }
       {
         from = "lan-home";
         to = "lan-services";
@@ -21,10 +15,10 @@ let
         allow_answers = "";
       }
       {
-        from = "lan-home";
-        to = "lan-devices";
-        allow_questions = "(printer|ipp)";
-        allow_answers = "";
+        from = "lan-services";
+        to = "lan-home";
+        allow_questions = "";
+        allow_answers = "(nucnix|elisabeth)";
       }
     ];
   };
@@ -34,7 +28,7 @@ in
     wantedBy = [ "multi-user.target" ];
     after = [ "network.target" ];
 
-    environment.RUST_LOG = "debug";
+    #environment.RUST_LOG = "debug";
 
     serviceConfig = {
       Restart = "on-failure";

patches/PR/370347.diff

@@ -1,43 +0,0 @@
-diff --git a/nixos/modules/services/networking/networkd-dispatcher.nix b/nixos/modules/services/networking/networkd-dispatcher.nix
-index 49d5cd545656a..5e307d81624ee 100644
---- a/nixos/modules/services/networking/networkd-dispatcher.nix
-+++ b/nixos/modules/services/networking/networkd-dispatcher.nix
-@@ -102,21 +102,23 @@ in
- 
-     services.networkd-dispatcher.extraArgs =
-       let
--        scriptDir = pkgs.symlinkJoin {
--          name = "networkd-dispatcher-script-dir";
--          paths = lib.mapAttrsToList (
--            name: cfg:
--            (map (
--              state:
--              pkgs.writeTextFile {
--                inherit name;
--                text = cfg.script;
--                destination = "/${state}.d/${name}";
--                executable = true;
--              }
--            ) cfg.onState)
--          ) cfg.rules;
--        };
-+        scriptDir = pkgs.runCommand "networkd-dispatcher-script-dir" { } ''
-+          mkdir $out
-+          ${lib.concatStrings (
-+            lib.mapAttrsToList (
-+              name: cfg:
-+              (lib.concatStrings (
-+                map (state: ''
-+                  mkdir -p $out/${state}.d
-+                  ln -s ${
-+                    pkgs.writeShellApplication {
-+                      inherit name;
-+                      text = cfg.script;
-+                    }
-+                  }/bin/${name} $out/${state}.d/${name}'') cfg.onState
-+              ))
-+            ) cfg.rules
-+          )}'';
-       in
-       [
-         "--verbose"