From 4229d33150e47cdd58d4d4e6281918f1a398e1d5 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen" <casper@vkristensen.dk>
Date: Tue, 7 May 2024 00:40:13 +0200
Subject: [PATCH] sigma: allow local network access to public address

---
 hosts/sigma/network.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hosts/sigma/network.nix b/hosts/sigma/network.nix
index 4f0a187..c200e7c 100644
--- a/hosts/sigma/network.nix
+++ b/hosts/sigma/network.nix
@@ -57,6 +57,16 @@
             Table = "wg-sigma-public";
           };
         }
+        {
+          # Allow hosts on the local network to contact us directly on the
+          # public address instead of routing the packet through Wireguard and
+          # back again.
+          routingPolicyRuleConfig = {
+            From = "49.13.33.75/32";
+            To = "192.168.0.0/24";
+            Table = "main";
+          };
+        }
         {
           # The postfix systemd service has
           # RestrictNetworkInterfaces=wg-sigma-public, but that does not tell