configurations for my servers and desktops

fix: stuff

+39 -27
+1 -1
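--- a/hosts/bluepill-proxy/default.nix
+++ b/hosts/bluepill-proxy/default.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{...}: {
 imports = [
 ./hardware.nix
 ./services/caddy.nix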
+38 -26
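--- a/hosts/bluepill-proxy/services/nftables.nix
+++ b/hosts/bluepill-proxy/services/nftables.nix
@@ -1,32 +1,44 @@
-{pkgs, ...}: {
-networking.sysctl = {
-"net.ipv4.ip_forward" = 1;
-"net.ipv6.conf.all.forwarding" = 1;
-};
+{
+networking = {
+sysctl = {
+"net.ipv4.ip_forward" = 1;
+"net.ipv6.conf.all.forwarding" = 1;
+};
 
-networking.firewall = {
-enable = true;
-allowedTCPPorts = [25565];
-allowedUDPPorts = [25565 24454 19132];
-};
+firewall = {
+enable = true;
+allowedTCPPorts = [25565];
+allowedUDPPorts = [25565 24454 19132];
 
-networking.nftables = {
-enable = true;
-extraRules = ''
-table ip nat {
-chain prerouting {
-type nat hook prerouting priority dstnat; policy accept;
-tcp dport 25565 dnat to 100.109.134.42:25565;
-udp dport 25565 dnat to 100.109.134.42:25565;
-udp dport 24454 dnat to 100.109.134.42:24454;
-udp dport 19132 dnat to 100.109.134.42:19132;
-}
+extraCommands = ''
+nft add rule ip nat postrouting oif tailscale0 ip daddr 100.109.134.42 counter snat to 100.108.47.83
+'';
+};
 
-chain postrouting {
-type nat hook postrouting priority srcnat; policy accept;
-ip daddr 100.109.134.42 snat to 100.108.47.83;
+nat = {
+enable = true;
+forwardPorts = [
+{
+sourcePort = 25565;
+proto = "tcp";
+destination = "100.109.134.42:25565";
 }
-}
-'';
+{
+sourcePort = 25565;
+proto = "udp";
+destination = "100.109.134.42:25565";
+}
+{
+sourcePort = 24454;
+proto = "udp";
+destination = "100.109.134.42:24454";
+}
+{
+sourcePort = 19132;
+proto = "udp";
+destination = "100.109.134.42:19132";
+}
+];
+};
 };
 }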
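Review bot: The `nft add rule ip nat postrouting ...` line in `firewall.extraCommands` relies on a table `ip nat` with a chain named `postrouting`, which this file declared itself before the change and no longer does. With `networking.nftables.enable` removed the firewall presumably uses the iptables backend, where that chain name may not exist, so the command can fail at firewall start and leave the forwarded ports without the source rewrite. `extraCommands` also appears to be re-run on firewall reloads and `add rule` is not idempotent, so duplicate SNAT rules would pile up. Keeping the SNAT in a declared ruleset, or pairing it with a matching cleanup, would make the result predictable, and a comment such as `# SNAT: 100.109.134.42 must reply via this proxy (100.108.47.83)` would record why it exists. The `forwardPorts` entries show no `networking.nat.externalInterface` here, so confirm it is set in another module and the DNAT is scoped to the public interface only.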