Test from server

nixos/hosts/framework-server/default.nix

@@ -42,6 +42,13 @@
       "tailscaled-autoconnect.service"
     ];
   };
+  services.tailscale.extraUpFlags = [ 
+    "--advertise-exit-node" 
+    "--advertise-routes=10.2.0.0/24" 
+  ];
+
+  boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
+  services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
 
   boot.initrd.services.udev.rules = ''
     # This is used to change the default configuration of Realtek USB ethernet adapters
@@ -58,6 +65,4 @@
 
     LABEL="usb_realtek_net_end"
   '';
-
-  services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/framework-server";
-}
+}

nixos/hosts/framework-server/docker.nix

@@ -3,6 +3,7 @@
       "fs.inotify.max_user_watches" = 10485760;
       "fs.inotify.max_user_instances" = 1024;
     };
+
     virtualisation.docker = {
         enable = true;
         enableOnBoot = true;
@@ -13,4 +14,23 @@
     };
 
     environment.systemPackages = with pkgs; [ docker-compose ];
+
+    networking.firewall.allowedUDPPorts = [
+      3478  # Headscale DERP UDP 
+      10000 # Jitsi 
+    ];
+    networking.firewall.allowedTCPPorts = [
+      80    # HTTP 
+      443   # HTTPS
+      25    # Mail
+      465   # Mail 
+      587   # Mail 
+      143   # Mail 
+      993   # Mail  
+      4190  # Mail
+      42420 # Vintage Story 
+      25565 # Minecraft 
+      1443  # Headscale DERP 
+      4443  # Jitsi 
+    ];
 }