test

nixos/common/services/podman.nix

@@ -11,9 +11,12 @@
         dockerSocket.enable = true;
         dockerCompat = true;
         autoPrune = {
-            enable = true;
+          enable = true;
-            dates = "weekly";
+          dates = "weekly";
-            flags = [ "--all" ];
+          flags = [ "--all" ];
+        };
+        defaultNetwork.settings = {
+          dns_enabled = true;
         };
     };
 

nixos/hosts/milan-linode-01/default.nix

@@ -39,4 +39,5 @@
   networking.hostName = "milan-linode-01";
 
   services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
+  boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
 }

nixos/hosts/milan-linode-01/podman/derp.nix

@@ -35,18 +35,10 @@
     serviceConfig = {
       Restart = lib.mkOverride 500 "always";
     };
-    after = [
+    after    = [ "podman-network-headscale-default.service" ];
-      "podman-network-headscale-default.service"
+    requires = [ "podman-network-headscale-default.service" ];
-    ];
+    partOf   = [ "podman-compose-headscale-root.target" ];
-    requires = [
+    wantedBy = [ "podman-compose-headscale-root.target" ];
-      "podman-network-headscale-default.service"
-    ];
-    partOf = [
-      "podman-compose-headscale-root.target"
-    ];
-    wantedBy = [
-      "podman-compose-headscale-root.target"
-    ];
   };
 
   # Networks
@@ -60,7 +52,7 @@
     script = ''
       podman network inspect headscale-default || podman network create headscale-default --opt isolate=true
     '';
-    partOf = [ "podman-compose-headscale-root.target" ];
+    partOf   = [ "podman-compose-headscale-root.target" ];
     wantedBy = [ "podman-compose-headscale-root.target" ];
   };
 

nixos/hosts/osaka-linode-01/firewall.nix

@@ -38,9 +38,6 @@
               iifname "enp0s4" tcp dport 443   dnat to 10.100.0.2:443;   # HTTPS
               iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420; # Vintage Story
               iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565; # Minecraft
-              # iifname "enp0s4" tcp dport 1443  dnat to 10.100.0.2:1443;  # Headscale DERP (tcp)
-              # iifname "enp0s4" udp dport 3478  dnat to 10.100.0.2:3478;  # Headscale DERP (udp)
-              # iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000; # Headscale DERP (udp)
               iifname "enp0s4" tcp dport 4443  dnat to 10.100.0.2:4443;  # Jitsi
             }
           }
@@ -62,9 +59,6 @@
         { sourcePort = 443;   proto = "tcp"; destination = "10.100.0.2:443";   } # HTTPS
         { sourcePort = 42420; proto = "tcp"; destination = "10.100.0.2:42420"; } # Vintage Story
         { sourcePort = 25565; proto = "tcp"; destination = "10.100.0.2:25565"; } # Minecraft
-        # { sourcePort = 1443;  proto = "tcp"; destination = "10.100.0.2:1443";  } # Headscale DERP (tcp)
-        # { sourcePort = 3478;  proto = "udp"; destination = "10.100.0.2:3478";  } # Headscale DERP (udp)
-        # { sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; } # Headscale DERP (udp)
         { sourcePort = 4443;  proto = "tcp"; destination = "10.100.0.2:4443";  } # Jitsi
       ];
     };

nixos/hosts/piaware-rpi4/podman/piaware.nix

@@ -22,9 +22,9 @@
     serviceConfig = {
       Restart = lib.mkOverride 500 "always";
     };
-    after = [ "podman-network-piaware-default.service" ];
+    after    = [ "podman-network-piaware-default.service" ];
     requires = [ "podman-network-piaware-default.service" ];
-    partOf = [ "podman-compose-piaware-root.target" ];
+    partOf   = [ "podman-compose-piaware-root.target" ];
     wantedBy = [ "podman-compose-piaware-root.target" ];
   };
 
@@ -39,7 +39,7 @@
     script = ''
       podman network inspect piaware-default || podman network create piaware-default --opt isolate=true
     '';
-    partOf = [ "podman-compose-piaware-root.target" ];
+    partOf   = [ "podman-compose-piaware-root.target" ];
     wantedBy = [ "podman-compose-piaware-root.target" ];
   };