rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

router: expose forwarded ports on eno1; AdGuard rewrite for LAN hostname

Browse source 
- Input chain now accepts WAN traffic for every port in ports.toml so
  external access (SSH, HTTP, HTTPS, game ports) works through the eero's
  upstream port forwards during phase 1, and via our own DNAT in phase 2.
- Add AdGuard DNS rewrite nordhammer.it → 192.168.4.25 so LAN clients
  hit the mediaserver directly instead of relying on eero hairpin NAT.
  Target changes to 10.0.0.1 at phase 2 cutover.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
ediblerope 2026-04-24 10:22:56 +01:00
parent 661ad14948
commit 5426e3847b
2 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
services/adguard.nix
View file

@ -35,6 +35,12 @@
{ enabled = true; id = 3; name = "OISD Big";
url = "https://big.oisd.nl/"; }
];
# Resolve our own hostnames to the mediaserver's LAN IP so LAN
# clients bypass eero hairpin NAT. Update to 10.0.0.1 in phase 2.
filtering.rewrites = [
{ domain = "nordhammer.it"; answer = "192.168.4.25"; }
{ domain = "*.nordhammer.it"; answer = "192.168.4.25"; }
];
};
};