Adds services/router.nix with systemd-networkd (eno1=WAN via DHCP,
eth0=LAN 10.0.0.1/24), nftables (NAT + firewall, default drop on WAN
in), dnsmasq (DHCP only — AdGuard Home keeps :53 for DNS), and sysctl
IP forwarding. NetworkManager is forced off on this host.
Port forwards live in ports.toml at the repo root and are imported via
builtins.fromTOML. Supports single ports, ranges ("26901-26902"), and
"both" protocol. Initial forwards: 22, 80, 443, 26900, 26901-26902.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
36 lines
771 B
TOML
# ports.toml — WAN → LAN port forwards for the router (services/router.nix)
#
# Each [[forward]] block adds a DNAT rule from WAN to the LAN IP below.
# Fields:
#   name     — human label, appears in journal logs
#   port     — single port (number), e.g. 443
#   ports    — port range as a string, e.g. "26901-26902"
#   protocol — "tcp", "udp", or "both"
#   dest     — LAN IP to forward to (optional; defaults to 10.0.0.1)

dest_default = "10.0.0.1"

[[forward]]
name = "HTTP"
port = 80
protocol = "tcp"

[[forward]]
name = "HTTPS"
port = 443
protocol = "tcp"

[[forward]]
name = "SSH"
port = 22
protocol = "tcp"

[[forward]]
name = "7DTD game"
port = 26900
protocol = "both"

[[forward]]
name = "7DTD voice/dynamic"
ports = "26901-26902"
protocol = "udp"
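Review bot: none of the five [[forward]] entries sets `dest`, so with `dest_default = "10.0.0.1"` every rule DNATs to the router's own LAN address (eth0 is 10.0.0.1/24 per the commit message), not to a separate LAN host. If SSH, HTTP/HTTPS and the 7DTD server really run on the router itself, say so in the header comment, because "LAN IP to forward to" reads as if another machine is expected; otherwise add an explicit `dest = "10.0.0.x"` (placeholder) to each entry that targets another host. Two smaller points: the header should state that exactly one of `port` or `ports` is required per entry and what happens when both or neither is given, since the validating side (services/router.nix) is not visible here; and the SSH entry opens 22/tcp through the default-drop WAN policy the commit message describes, so it is worth confirming that exposure is intended and that the host's sshd is locked down accordingly.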