Cleaner forwarding

2026-05-01 17:57:06 +02:00
parent 32c83bca98
commit 9b0fc14795
2 changed files with 15 additions and 23 deletions
--- a/modules/nixos/system/network/wireguard/forwarding.nix
+++ b/modules/nixos/system/network/wireguard/forwarding.nix
@@ -24,11 +24,13 @@ in
          ${concatMapStringsSep "\n" (ports:
            let
-              src = builtins.elemAt ports 0;
+              from = builtins.elemAt ports 0;
-              dst = builtins.elemAt ports 1;
+              to = builtins.elemAt ports 1;
              src = builtins.elemAt ports 2;
              dst = builtins.elemAt ports 3;
            in ''
-              iifname "${cfg.inInterface}" tcp dport ${toString src} counter dnat to ${cfg.toAddr}:${toString dst}
+              iifname "${from}" tcp dport ${toString src} counter dnat to ${to}:${toString dst}
-              iifname "${cfg.inInterface}" udp dport ${toString src} counter dnat to ${cfg.toAddr}:${toString dst}
+              iifname "${from}" udp dport ${toString src} counter dnat to ${to}:${toString dst}
            ''
          ) cfg.forwarding.ports}
        }
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -51,25 +51,15 @@ let
          type = types.listOf types.str;
          default = [];
        };
-        forward = {
+        forward = mkOption {
-          inInterface = mkOption {
+          type = types.listOf (types.listOf (types.oneOf [ types.str types.int ]));
-            type = types.str;
+          default = [];
-            default = "ens3";
+          description = "Forwarding rules: [ [srcInterface dstAddr srcPort dstPort] ... ]";
-            description = "Incoming interface for forwarding";
+          example = [
-          };
+            [ "ens3" "10.10.1.2" 22 2222 ]
-          
+            [ "ens3" "10.10.1.2" 80 80 ]
-          toAddr = mkOption {
+            [ "ens3" "10.10.1.2" 443 443 ]
-            type = types.str;
+          ];
            description = "Destination address (IPv4 or IPv6)";
            example = "10.10.1.2";
          };
          ports = mkOption {
            type = types.listOf (types.listOf types.port);
            default = [];
            description = "Port mappings: [ [srcPort dstPort] ... ]";
            example = [ [ 22 22 ] [ 80 80 ] [ 443 443 ] ];
          };
        };
      };
    };