bifrost: setup NAT for git-over-ssh to forgejo

Adithya 2024-11-17 11:42:28 +05:30
parent beb635d6db
commit 558ac50337
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
3 changed files with 29 additions and 6 deletions


@ -1,5 +1,5 @@
{ lib, ... }: {
imports = [ ./wireguard.nix ];
imports = [ ./firewall.nix ./wireguard.nix ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@ -44,7 +44,6 @@
];
useDHCP = lib.mkDefault false;
useNetworkd = true;
nftables.enable = true;
};
}


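--- /dev/null
+++ b/[PATH not shown on page; imported as ./firewall.nix]
@@ -0,0 +1,27 @@
+_: {
+networking = {
+firewall.allowedTCPPorts = [ 42069 ];
+nftables = {
+enable = true;
+ruleset = ''
+table ip filter {
+chain FORWARD {
+iifname "ens3" oifname "Homelab" tcp dport 42069 tcp flags syn / fin,syn,rst,ack ct state new accept
+iifname "ens3" oifname "Homelab" ct state related,established accept
+iifname "Homelab" oifname "ens3" ct state related,established accept
+}
+}
+table ip nat {
+chain PREROUTING {
+type nat hook prerouting priority -100 ;
+iifname ens3 tcp dport 42069 dnat to 10.10.10.13
+}
+chain POSTROUTING {
+type nat hook postrouting priority 100 ;
+ip daddr 10.10.10.13 masquerade
+};
+}
+'';
+};
+};
+}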
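Review bot: The `chain FORWARD` in the new `table ip filter` declares no `type filter hook forward priority …;`, so it is a regular chain that nothing jumps to, and the three accept rules below it are never evaluated — the DNATed port-42069 traffic is forwarded only because no forward hook on this host rejects it. If these rules are meant to take effect, add `type filter hook forward priority filter; policy accept;` as the first line inside `chain FORWARD {`, mirroring the `type nat hook …` lines the two nat chains already carry; a `policy drop` there would also stop every other flow this host forwards (ip_forward is already on in the host config), so that is a separate decision. `ip daddr 10.10.10.13 masquerade` in POSTROUTING rewrites the source of all forwarded traffic to that host, not only the DNATed connections, so Forgejo's sshd will see every git client as this gateway and any IP-based throttling there cannot tell clients apart; if 10.10.10.13 routes replies back through this host the rule can go, otherwise narrow it to `ip daddr 10.10.10.13 ct status dnat masquerade`. `firewall.allowedTCPPorts = [ 42069 ]` opens the host's own input chain, which the DNATed connections never reach, so it can most likely be removed.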


@ -1,8 +1,5 @@
_:
let
domainName = "forge.acomputer.lol";
in
{
let domainName = "forge.acomputer.lol"; in {
services = {
caddy.virtualHosts."${domainName}" = {
extraConfig = ''