test

nixos/hosts/osaka-linode-01/firewall.nix

@@ -1,32 +1,35 @@
 { config, lib, pkgs, ... }: {
-  networking.firewall.allowedUDPPorts = [
-    3478  # Headscale DERP UDP
-  ];
-  networking.firewall.allowedTCPPorts = [
-    80    # HTTP
-    443   # HTTPS
-    42420 # Vintage Story
-    25565 # Minecraft
-    1443  # Headscale DERP
-  ];
-
   networking = {
+    firewall = {
+      allowedUDPPorts = [
+        3478  # Headscale DERP UDP
+      ];
+      allowedTCPPorts = [
+        80    # HTTP
+        443   # HTTPS
+        42420 # Vintage Story
+        25565 # Minecraft
+        1443  # Headscale DERP
+      ];
+    };
+
     nftables = {
       enable = true;
       ruleset = ''
           table ip nat {
             chain PREROUTING {
               type nat hook prerouting priority dstnat; policy accept;
-              iifname "enp0s4" tcp dport 80    dnat to 10.100.0.2:80    # HTTP
-              iifname "enp0s4" tcp dport 443   dnat to 10.100.0.2:443   # HTTPS
-              iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420 # Vintage Story
-              iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565 # Minecraft
-              iifname "enp0s4" tcp dport 1443  dnat to 10.100.0.2:1443  # Headscale DERP (tcp)
-              iifname "enp0s4" tcp dport 3478  dnat to 10.100.0.2:3478  # Headscale DERP (udp)
+              iifname "enp0s4" tcp dport 80    dnat to 10.100.0.2:80;    # HTTP
+              iifname "enp0s4" tcp dport 443   dnat to 10.100.0.2:443;   # HTTPS
+              iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420; # Vintage Story
+              iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565; # Minecraft
+              iifname "enp0s4" tcp dport 1443  dnat to 10.100.0.2:1443;  # Headscale DERP (tcp)
+              iifname "enp0s4" tcp dport 3478  dnat to 10.100.0.2:3478;  # Headscale DERP (udp)
             }
           }
       '';
     };
+
     nat = {
       enable = true;
       internalInterfaces = [ "wireguard0" ];