-2

hosts/bluepill-proxy/default.nix

··· 1 1 {...}: { 2 2 imports = [ 3 3 ./hardware.nix 4 4 - ./services/caddy.nix 5 5 - ./services/nftables.nix 6 4 ./services/ssh.nix 7 5 ./services/tailscale.nix 8 6 ];

-26

hosts/bluepill-proxy/services/caddy.nix

··· 1 1 - {...}: { 2 2 - networking.firewall.allowedTCPPorts = [80 443]; 3 3 - 4 4 - services.caddy = { 5 5 - enable = true; 6 6 - virtualHosts = { 7 7 - "navidrome.devins.page" = { 8 8 - extraConfig = '' 9 9 - reverse_proxy http://100.108.47.83:4533 10 10 - ''; 11 11 - }; 12 12 - 13 13 - "jellyfin.devins.page" = { 14 14 - extraConfig = '' 15 15 - reverse_proxy http://100.108.47.83:8096 16 16 - ''; 17 17 - }; 18 18 - 19 19 - "slskd.devins.page" = { 20 20 - extraConfig = '' 21 21 - reverse_proxy http://100.108.47.83:5030 22 22 - ''; 23 23 - }; 24 24 - }; 25 25 - }; 26 26 - }

-40

hosts/bluepill-proxy/services/nftables.nix

··· 1 1 - {...}: { 2 2 - boot.kernel.sysctl = { 3 3 - "net.ipv4.ip_forward" = 1; 4 4 - "net.ipv6.conf.all.forwarding" = 1; 5 5 - }; 6 6 - 7 7 - networking.firewall = { 8 8 - enable = true; 9 9 - allowedTCPPorts = [22 25565]; 10 10 - allowedUDPPorts = [25565 24454 19132]; 11 11 - }; 12 12 - 13 13 - networking.nat = { 14 14 - enable = true; 15 15 - externalInterface = "tailscale0"; 16 16 - externalIP = "100.108.47.83"; 17 17 - forwardPorts = [ 18 18 - { 19 19 - sourcePort = 25565; 20 20 - proto = "tcp"; 21 21 - destination = "100.109.134.42:25565"; 22 22 - } 23 23 - { 24 24 - sourcePort = 25565; 25 25 - proto = "udp"; 26 26 - destination = "100.109.134.42:25565"; 27 27 - } 28 28 - { 29 29 - sourcePort = 24454; 30 30 - proto = "udp"; 31 31 - destination = "100.109.134.42:24454"; 32 32 - } 33 33 - { 34 34 - sourcePort = 19132; 35 35 - proto = "udp"; 36 36 - destination = "100.109.134.42:19132"; 37 37 - } 38 38 - ]; 39 39 - }; 40 40 - }