sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

rename and fix

Browse Source
This commit is contained in:
soraefir
2026-05-08 20:46:23 +02:00
parent 4d398d5596
commit df523c48e5
12 changed files with 21 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/server/nftables/default.nix
View File

@@ -1,7 +1,8 @@
{ config, lib, ... }:
let
cfg = config.syscfg.server;
in{
in {
config = mkIf (cfg.ipfw.enable) {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
@@ -9,7 +10,6 @@ in{
networking.nftables.enable = true;
networking.nftables.ruleset = ''
${if cfg.nftables.enable then ''
table inet nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
@@ -28,13 +28,14 @@ in{
iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
iifname "${srcInt}" udp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
''
) config.syscfg.server.nftables.ports}
) cfg.ipfw.ports}
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') config.syscfg.server.nftables.ifs} } masquerade
oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') cfg.ipfw.ifs} } masquerade
}
}'' else ""}
}
'';
};
}