sora/nixconfig
1
0
Fork 0
Code Issues 2 Pull Requests Actions Releases Activity

Fixes

Browse Source
This commit is contained in:
soraefir
2026-05-01 22:01:54 +02:00
parent edc764461c
commit d4e599bd9b
4 changed files with 24 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
modules/nixos/system/network/wireguard/forwarding.nix
View File

@@ -12,23 +12,27 @@
networking.nftables.ruleset = ''
table inet nat {
chain prerouting {
type nat hook prerouting priority 0; policy accept;
type nat hook prerouting priority dstnat; policy accept;
${lib.concatMapStringsSep "\n" (ports:
${lib.concatMapStringsSep "\n" (rule:
let
from = builtins.elemAt ports 0;
to = builtins.elemAt ports 1;
src = builtins.elemAt ports 2;
dst = builtins.elemAt ports 3;
srcInt = builtins.elemAt rule 0;
dstAddr4 = builtins.elemAt rule 1;
dstAddr6 = builtins.elemAt rule 2;
srcPort = toString (builtins.elemAt rule 3);
dstPort = toString (builtins.elemAt rule 4);
in ''
iifname "${from}" tcp dport ${toString src} counter dnat to ${to}:${toString dst}
iifname "${from}" udp dport ${toString src} counter dnat to ${to}:${toString dst}
iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip to ${dstAddr4}:${dstPort}
iifname "${srcInt}" udp dport ${srcPort} counter dnat ip to ${dstAddr4}:${dstPort}
iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
iifname "${srcInt}" udp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
''
) config.syscfg.net.wg.server.forward}
}
chain postrouting {
type nat hook postrouting priority 100; policy accept;
type nat hook postrouting priority srcnat; policy accept;
oifname { "wg0", "ens3" } masquerade
}
}