Diffstat (limited to 'machines/biski/portforward.nix')
-rw-r--r--machines/biski/portforward.nix45
1 files changed, 45 insertions, 0 deletions
diff --git a/machines/biski/portforward.nix b/machines/biski/portforward.nix
new file mode 100644
index 0000000..a2fd58a
--- /dev/null
+++ b/machines/biski/portforward.nix
@@ -0,0 +1,45 @@
+{ config, lib, ... }: {
+ networking = let
+ forward_ports = [
+ 25565
+ 25566
+ ];
+ forward_protocols = [ "tcp" "udp" ];
+ internal_ip = "100.64.0.2";
+ in {
+ firewall = {
+ enable = true;
+ allowedUDPPorts = forward_ports;
+ allowedTCPPorts = forward_ports;
+ };
+ nat = {
+ enable = true;
+ internalInterfaces = [ "tailscale0" ];
+ externalInterface = "eno1";
+
+ forwardPorts = builtins.concatLists (
+ lib.lists.forEach forward_protocols (protocol:
+ builtins.concatMap (port: [
+ {
+ destination = "${internal_ip}:${toString port}";
+ proto = protocol;
+ sourcePort = port;
+ }
+ ]) forward_ports
+ )
+ );
+ };
+ nftables = {
+ enable = true;
+ flushRuleset = true;
+ tables.nixos-nat = {
+ family = "ip";
+ content = ''
+ chain post {
+ masquerade
+ }
+ '';
+ };
+ };
+ };
+}
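Review bot: The `masquerade` rule added to `chain post` in `tables.nixos-nat` has no interface or address match, so it applies to every IPv4 connection that reaches that chain, not only the forwarded game ports. For the forwarded connections this means the service at 100.64.0.2 sees the gateway's address as the source, so per-client logging, bans and rate limits on the backend stop being meaningful. If the rule exists only so replies return through this host, scope it, for example `oifname "tailscale0" ip daddr 100.64.0.2 masquerade`, and add a comment saying why it is needed. Separately, `allowedTCPPorts`/`allowedUDPPorts` open 25565 and 25566 on the host's own input path on all interfaces. DNATed traffic is normally forwarded rather than delivered locally, so confirm those two lines are required.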