Commit graph

6 commits

Author SHA1 Message Date
448e44753f neko: Guild Wars in a browser (Xfce+Wine+NVIDIA), Authelia-gated
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-25 10:07:36 +01:00
8dd70a2d9d mediaserver: drop no-op firewall rules, close unused DR forwards
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 10:00:49 +01:00
611ed162c3 ports: forward UDP/2603 to fix DR XP reports
DR_Server binds UDP/2603 in addition to TCP/2603 — that's where the
DSOUND.dll mod's NAT-punched XP-report socket sends client kill XP
back to the server (see ChatCommandHandler.cs / [DLL XP REPORT] path
in the source). The original forward was tcp-only, so every WAN
client's UDP XP packet was dropped at the router. Symptom: every
character stuck at lvl 1/xp 0 regardless of how the client launched.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-09 19:29:11 +01:00
0230592137 ports: forward dr-server auth/game/queue + UDP aux from WAN
Pairs the LAN-side firewall openings already done in services/dr-server.nix
so the public can actually reach the Mediaserver. TCP for the listening
sockets we observed (2110/2603/2606), UDP for the 2604-2605 pair the
client setup expects per Play_DungeonRunners.bat.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 10:06:55 +01:00
568b815d8d router: allow docker0 forward and expose 7dtd-coop ports
Container outbound (image pulls, LinuxGSM bootstrap fetches) was
dropped by the inet filter forward chain — only eth0 and DNAT'd
WAN traffic were whitelisted. Add iifname "docker0" accept so
containers can reach the internet.

Also add the coop server's 26910/26911-26912 forwards to ports.toml
so WAN players can connect.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 15:35:26 +01:00
77eafded92 Turn mediaserver into a home router
Adds services/router.nix with systemd-networkd (eno1=WAN via DHCP,
eth0=LAN 10.0.0.1/24), nftables (NAT + firewall, default drop on WAN
in), dnsmasq (DHCP only — AdGuard Home keeps :53 for DNS), and sysctl
IP forwarding. NetworkManager is forced off on this host.

Port forwards live in ports.toml at the repo root and are imported via
builtins.fromTOML. Supports single ports, ranges ("26901-26902"), and
"both" protocol. Initial forwards: 22, 80, 443, 26900, 26901-26902.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-24 09:48:38 +01:00