From b956f3ebd611c9354a4138e8dfa5bfbed5a45894 Mon Sep 17 00:00:00 2001
From: Devin Finlinson
Date: Sat, 28 Mar 2026 16:01:01 -0600
Subject: set up port forwarding module for list of ports
---
machines/biski/portforward.nix | 45 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 machines/biski/portforward.nix
(limited to 'machines/biski/portforward.nix')
diff --git a/machines/biski/portforward.nix b/machines/biski/portforward.nix
new file mode 100644
index 0000000..a2fd58a
--- /dev/null
+++ b/machines/biski/portforward.nix
@@ -0,0 +1,45 @@
+{ config, lib, ... }: {
+ networking = let
+ forward_ports = [
+ 25565
+ 25566
+ ];
+ forward_protocols = [ "tcp" "udp" ];
+ internal_ip = "100.64.0.2";
+ in {
+ firewall = {
+ enable = true;
+ allowedUDPPorts = forward_ports;
+ allowedTCPPorts = forward_ports;
+ };
+ nat = {
+ enable = true;
+ internalInterfaces = [ "tailscale0" ];
+ externalInterface = "eno1";
+
+ forwardPorts = builtins.concatLists (
+ lib.lists.forEach forward_protocols (protocol:
+ builtins.concatMap (port: [
+ {
+ destination = "${internal_ip}:${toString port}";
+ proto = protocol;
+ sourcePort = port;
+ }
+ ]) forward_ports
+ )
+ );
+ };
+ nftables = {
+ enable = true;
+ flushRuleset = true;
+ tables.nixos-nat = {
+ family = "ip";
+ content = ''
+ chain post {
+ masquerade
+ }
+ '';
+ };
+ };
+ };
+}
-- cgit v1.2.3
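Review bot: The `masquerade` rule in the `chain post` block at the end of the hunk has no match, so every packet that traverses that chain is source-NATed, not only the traffic for the forwarded ports; presumably the block is merged into the `post` chain that the NAT module generates for `nixos-nat`, which is worth confirming because the block declares no hook of its own. With the rule in place the host at `internal_ip` sees every forwarded connection as coming from this machine, so its logs, bans and rate limits cannot tell clients apart. If the masquerade is only there so that replies are routed back over the tailnet, scope it, e.g. `oifname "tailscale0" ip daddr ${internal_ip} masquerade`, and add a comment saying why it is needed. Separately, `allowedTCPPorts`/`allowedUDPPorts` also open both ports on the host's own input path on all interfaces; if the traffic is only ever forwarded, those two lines may not be needed.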