Diffstat (limited to 'config/networking')
| -rw-r--r-- | config/networking/default.nix | 25 | ||||
| -rw-r--r-- | config/networking/services/firewall/ruleset.nix | 12 |
2 files changed, 35 insertions, 2 deletions
diff --git a/config/networking/default.nix b/config/networking/default.nix
index 409ce3b..fb8dafe 100644
--- a/config/networking/default.nix
+++ b/config/networking/default.nix
@@ -78,7 +78,13 @@ in {
 prefix = "192.168.2";
 prefixLength = 24;
 };
- machines.self.ip = "192.168.2.1";
+ machines = {
+ self.ip = "192.168.2.1";
+ hephaistos = {
+ ip = "192.168.2.2";
+ mac = "f4:a4:75:a1:a2:93";
+ };
+ };
 };
 iot = {
 interfaces = ["wlp1s0-iot"];
@@ -131,6 +137,23 @@ in {
 address = ifaces.all."${interface}".machines.livebox.ip;
 };

+ hosts = let
+ withMachines =
+ # [{machines: AttrSet, ...}]
+ lib.collect (value: builtins.isAttrs value.machines or false)
+ config.personal.networking.interfaces.all;
+ machineToHost =
+ # String -> {ip: String, ...} -> { name: String, value: String }
+ name: {ip, ...}: lib.nameValuePair ip "${name}.local";
+ pruneMachines =
+ # AttrSet -> {{ip: String, ...}}
+ lib.filterAttrs (name: value: name != "self" && (builtins.isString value.ip or false));
+ hosts =
+ # [{machines: AttrSet, ...}] -> [{String}]
+ lib.forEach withMachines ({machines, ...}: lib.mapAttrs' machineToHost (pruneMachines machines));
+ in
+ lib.zipAttrs hosts;
+
 useDHCP = false;
 dhcpcd.enable = false;

diff --git a/config/networking/services/firewall/ruleset.nix b/config/networking/services/firewall/ruleset.nix
index 3418ef8..ba9b39d 100644
--- a/config/networking/services/firewall/ruleset.nix
+++ b/config/networking/services/firewall/ruleset.nix
@@ -5,6 +5,10 @@
 sonos-play1
 sonos-move
 ;
+ inherit
+ (interfaces.all.wan.machines)
+ hephaistos
+ ;
 };

 makeTable = args: {
@@ -195,7 +199,13 @@ in {
 + ssdp
 + sonos.player-controller
 + sonos.controller-player;
- wan_wan.rules = with rulesCommon; syncthing + kdeconnect;
+ wan_wan.rules = with rulesCommon;
+ syncthing
+ + kdeconnect
+ + ''
+ ip daddr ${machines.hephaistos.ip} \
+ ${ssh}
+ '';
 forward = makeBaseChain "filter" "forward" {
 rules = with rulesCommon;
 conntrack
|
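Review bot: The generated `hosts` entries in the second hunk of default.nix use the `.local` suffix, which is also the mDNS domain, so a static entry and an mDNS answer for the same name can disagree depending on resolver order; a comment above `machineToHost` saying which source is meant to win would settle it, e.g. `# static entries are authoritative for <name>.local on this host`. The block walks `config.personal.networking.interfaces.all`, so machines on every interface that has a `machines` set (the iot one included, if it defines any) get a name, and `self` is the only exclusion; that scope deserves a line in the comment too. For readability, `builtins.isAttrs value.machines or false` would be clearer as `builtins.isAttrs (value.machines or false)`, matching the parenthesised form already used in `pruneMachines`. The `let` block is complete in the hunk, but the attribute set it sits in starts outside it.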
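Review bot: The rule added to `wan_wan.rules` in the second hunk of ruleset.nix matches only `ip daddr ${machines.hephaistos.ip}`, so SSH to that address is accepted from any source that reaches this chain, and being an `ip` match it says nothing about IPv6. If only some clients need it, a source match ahead of `${ssh}` narrows it, e.g. `ip saddr <admin-host-ip> ip daddr ${machines.hephaistos.ip} \` (placeholder address); otherwise a comment such as `# SSH to hephaistos is intentionally open to the whole wan segment` records the intent. The rule follows whichever device holds 192.168.2.2, so it is worth confirming that the `mac` added in default.nix actually pins that lease. The expansion of `${ssh}` and the chain's default policy are outside the hunk, so the effective exposure could not be checked from here.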
