sora/nixconfig
1
0
Fork 0
Code Issues 2 Pull Requests Actions Releases Activity

Cleaner forwarding

Browse Source
This commit is contained in:
soraefir
2026-05-01 17:57:06 +02:00
parent 32c83bca98
commit 9b0fc14795
2 changed files with 15 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/nixos/system/network/wireguard/forwarding.nix
View File

@@ -24,11 +24,13 @@ in
${concatMapStringsSep "\n" (ports: ${concatMapStringsSep "\n" (ports:
let let
src = builtins.elemAt ports 0; from = builtins.elemAt ports 0;
dst = builtins.elemAt ports 1; to = builtins.elemAt ports 1;
src = builtins.elemAt ports 2;
dst = builtins.elemAt ports 3;
in '' in ''
iifname "${cfg.inInterface}" tcp dport ${toString src} counter dnat to ${cfg.toAddr}:${toString dst} iifname "${from}" tcp dport ${toString src} counter dnat to ${to}:${toString dst}
iifname "${cfg.inInterface}" udp dport ${toString src} counter dnat to ${cfg.toAddr}:${toString dst} iifname "${from}" udp dport ${toString src} counter dnat to ${to}:${toString dst}
'' ''
) cfg.forwarding.ports} ) cfg.forwarding.ports}
} }

26
modules/shared/syscfg/default.nix
View File

@@ -51,25 +51,15 @@ let
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
}; };
forward = { forward = mkOption {
inInterface = mkOption { type = types.listOf (types.listOf (types.oneOf [ types.str types.int ]));
type = types.str;
default = "ens3";
description = "Incoming interface for forwarding";
};
toAddr = mkOption {
type = types.str;
description = "Destination address (IPv4 or IPv6)";
example = "10.10.1.2";
};
ports = mkOption {
type = types.listOf (types.listOf types.port);
default = []; default = [];
description = "Port mappings: [ [srcPort dstPort] ... ]"; description = "Forwarding rules: [ [srcInterface dstAddr srcPort dstPort] ... ]";
example = [ [ 22 22 ] [ 80 80 ] [ 443 443 ] ]; example = [
}; [ "ens3" "10.10.1.2" 22 2222 ]
[ "ens3" "10.10.1.2" 80 80 ]
[ "ens3" "10.10.1.2" 443 443 ]
];
}; };
}; };
}; };