nat table

removed windows_vm key
2026-02-06 06:44:47 -06:00 · 2026-02-06 06:12:10 -06:00
5 changed files with 59 additions and 47 deletions
--- a/config/jawz.nix
+++ b/config/jawz.nix
@@ -79,7 +79,6 @@ in
      "galaxy"
      "phone"
      "vps"
-      "windows_vm"
    ];
  };
 }
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -79,6 +79,7 @@ in
          allowedIPs = [
            "${config.my.ips.wg-vps}/32"
            "${config.my.ips.wg-friends}/24" # all friends
+            "${config.my.ips.wg-gs}/24" # all friends
          ];
          persistentKeepalive = 25;
        }
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -47,11 +47,35 @@ in
    };
  };
  image.modules.linode = { };
-  networking.hostName = "vps";
  services.smartd.enable = lib.mkForce false;
  environment.systemPackages = [ ];
-  networking.nftables.enable = true;
-  networking.firewall = {
+  networking = {
+    hostName = "vps";
+    nat = {
+      inherit externalInterface;
+      enable = true;
+      internalInterfaces = [ "wg0" ];
+      forwardPorts = [
+        {
+          sourcePort = giteaSshPort;
+          proto = "tcp";
+          destination = "${homeServer}:${giteaSshPortStr}";
+        }
+      ];
+    };
+    nftables = {
+      enable = true;
+      tables."vps-snat" = {
+        family = "ip";
+        content = ''
+          chain postrouting {
+            type nat hook postrouting priority srcnat;
+            iifname "${externalInterface}" oifname "${wgInterface}" ip daddr ${homeServer}/32 tcp dport ${giteaSshPortStr} masquerade comment "snat ssh forward"
+          }
+        '';
+      };
+    };
+    firewall = {
      enable = true;
      filterForward = true;
      checkReversePath = "loose";
@@ -87,17 +111,6 @@ in
        ip saddr ${wgFriendsSubnet} ip daddr ${wgGuestsSubnet} drop
      '';
    };
-  networking.nat = {
-    enable = true;
-    inherit externalInterface;
-    internalInterfaces = [ "wg0" ];
-    forwardPorts = [
-      {
-        sourcePort = giteaSshPort;
-        proto = "tcp";
-        destination = "${homeServer}:${giteaSshPortStr}";
-      }
-    ];
  };
  security.sudo-rs.extraRules = [
    {
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -56,12 +56,12 @@ in
        wg-gs = "10.9.0.0";
        wg-g0 = "10.9.0.1";
        wg-g1 = "10.9.0.2";
+        wg-friends = "10.8.0.0";
        wg-friend0 = "10.8.0.1";
        wg-friend1 = "10.8.0.2";
        wg-friend2 = "10.8.0.3";
        wg-friend3 = "10.8.0.4";
        wg-friend4 = "10.8.0.5";
-        wg-friends = "10.8.0.0";
      };
      description = "Set of IP's for all my computers.";
    };
--- a/parts/core.nix
+++ b/parts/core.nix
@@ -224,7 +224,6 @@ in
        nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
        nixserver = ../secrets/ssh/ed25519_nixserver.pub;
        nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
-        windows_vm = ../secrets/ssh/ed25519_windows_vm.pub;
      };
      getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
      # Helper functions for multi-user toggle support
Author	SHA1	Message	Date
Danilo Reyes	1fd29a5f4f	nat table	2026-02-06 06:44:47 -06:00
Danilo Reyes	a15db616b4	removed windows_vm key	2026-02-06 06:12:10 -06:00