adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bifrost: setup NAT for git-over-ssh to forgejo

Browse source
This commit is contained in:
Adithya 2024-11-17 11:42:28 +05:30
parent beb635d6db
commit 65c76aea2a
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
3 changed files with 22 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
hosts/bifrost/network/default.nix
View file

@ -1,5 +1,5 @@
{ lib, ... }: { { lib, ... }: {
imports = [ ./wireguard.nix ]; imports = [ ./firewall.nix ./wireguard.nix ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@ -44,7 +44,6 @@
]; ];
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
useNetworkd = true; useNetworkd = true;
nftables.enable = true;
}; };
} }

20
hosts/bifrost/network/firewall.nix Normal file
View file

@ -0,0 +1,20 @@
_: {
networking = {
firewall.allowedTCPPorts = [ 42069 ];
nftables = {
enable = true;
ruleset = ''
table ip nat {
chain PREROUTING {
type nat hook prerouting priority -100 ;
iifname ens3 tcp dport 42069 dnat to 10.10.10.13
}
chain POSTROUTING {
type nat hook postrouting priority 100 ;
ip daddr 10.10.10.13 masquerade
};
}
'';
};
};
}

5
hosts/bifrost/services/apps/forgejo.nix
View file

@ -1,8 +1,5 @@
_: _:
let let domainName = "forge.acomputer.lol"; in {
domainName = "forge.acomputer.lol";
in
{
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
extraConfig = '' extraConfig = ''