From d4ad9aa6857d1cf23e0d23719bf8e9a57f04091e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Tue, 27 Jan 2026 19:36:23 +0000
Subject: [PATCH] br0

---
 hosts/mtworx/configuration.nix | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix
index c518cbd..5fc4d36 100644
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -248,8 +248,12 @@ in
     hostName = "mtworx";
     domain = "jakst.vpn";
 
-    # Configure USB Ethernet interface with internal IP
-    interfaces.enp0s20f0u2 = {
+    bridges.br0 = {
+      interfaces = [ ];
+    };
+
+    # Configure bridge with internal IP
+    interfaces.br0 = {
       ipv4.addresses = [
         {
           address = "10.14.143.1";
@@ -261,19 +265,19 @@ in
     nat = {
       enable = true;
       externalInterface = "wlp0s20f3";
-      internalInterfaces = [ "enp0s20f0u2" ];
+      internalInterfaces = [ "br0" ];
       internalIPs = [ "10.14.143.0/24" ];
     };
 
     firewall = {
       rejectPackets = true;
-      interfaces.enp0s20f0u2 = {
+      interfaces.br0 = {
         allowedUDPPorts = [
-          53
-          67
-          69
+          53 # DNS
+          67 # DHCP
+          69 # TFTP
         ];
-        allowedTCPPorts = [ 53 ];
+        allowedTCPPorts = [ 53 ]; # DNS
       };
       extraCommands = ''
         # Allow only through WiFi interface (to gateway and internet)