From 5709333bcb8057590766bebbdc2578d32d809927 Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Wed, 18 Feb 2026 15:54:06 -0500
Subject: [PATCH] fix(net): trust wg-br bridge for VPN namespace->host traffic

Allows VPN-confined services (Prowlarr) to reach host-network
services (Sonarr, Radarr) via the namespace bridge interface.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
---
 configuration.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configuration.nix b/configuration.nix
index ff49c61..80b212e 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -198,6 +198,7 @@
     hostName = hostname;
     hostId = "0f712d56";
     firewall.enable = true;
+    firewall.trustedInterfaces = [ "wg-br" ];
     useDHCP = false;
     enableIPv6 = false;