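# Gateway role: NAT for the internal networks, plus a firewall that fully
# trusts the internal interfaces and opens only the configured ports on the
# external interface. All values come from this host's
# config.fudo.hosts.<hostname>.gateway-config.
{ config, lib, pkgs, ... }:

let
  hostname = config.instance.hostname;
  host-config = config.fudo.hosts.${hostname};
  external-interface = host-config.gateway-config.external-interface;
  internal-interfaces = host-config.gateway-config.internal-interfaces;

in {
  imports = [ ./server.nix ];

  config = {
    # networking.firewall.trustedInterfaces accepts ALL traffic arriving on
    # the listed interfaces, so the per-interface port lists below would be
    # meaningless if the external interface were also listed as internal.
    # Fail the build rather than silently deploying an unfiltered WAN side.
    assertions = [{
      assertion = !(builtins.elem external-interface internal-interfaces);
      message =
        "gateway-config for ${hostname}: external-interface "
        + "'${external-interface}' must not also appear in "
        + "internal-interfaces, because internal interfaces are fully "
        + "trusted by the firewall.";
    }];

    networking = {
      # Masquerade traffic from the internal interfaces out through the
      # external one.
      nat = {
        enable = true;
        externalInterface = external-interface;
        internalInterfaces = internal-interfaces;
      };

      firewall = {
        enable = true;

        # No filtering at all on the internal side: every service listening
        # on this host is reachable from the internal networks.
        trustedInterfaces = internal-interfaces;

        # Ports explicitly exposed on the external side. Ports opened
        # globally by other modules (networking.firewall.allowedTCPPorts /
        # allowedUDPPorts) are added to these, so audit those too when
        # reviewing what the external interface exposes.
        interfaces."${external-interface}" = {
          allowedTCPPorts = host-config.gateway-config.external-tcp-ports;
          allowedUDPPorts = host-config.gateway-config.external-udp-ports;
        };
      };
    };
  };
}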