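# Host firewall openings plus NAT port forwards to the backend at 10.100.0.2.
#
# Every port opened in the firewall lists below has a matching forwardPorts
# entry, with the same port number on both sides. Keep the two in sync when
# adding or retiring a service, so that no port stays open without a consumer.
{ config, lib, pkgs, ... }:

let
  # Address that every forwarded port is sent to.
  backend = "10.100.0.2";

  # Build one networking.nat.forwardPorts entry that keeps the port number
  # unchanged between the listening side and the backend.
  forward = proto: port: {
    destination = "${backend}:${toString port}";
    inherit proto;
    sourcePort = port;
  };
in
{
  # These lists open the ports on this host for all interfaces. Use
  # networking.firewall.interfaces.<name>.allowedUDPPorts / allowedTCPPorts
  # to scope an opening to a single interface.
  # NOTE(review): DNAT'ed traffic is forwarded rather than delivered locally,
  # so these openings may only matter for services listening on this host
  # itself. Confirm each one is still required.
  networking.firewall.allowedUDPPorts = [
    3478 # Headscale DERP UDP
    10000 # Jitsi
  ];

  networking.firewall.allowedTCPPorts = [
    80 # HTTP
    443 # HTTPS
    # Mail ports are intentionally left closed.
    # 25 # SMTP (explicit TLS => STARTTLS)
    # 465 # ESMTP (implicit TLS)
    # 587 # ESMTP (explicit TLS => STARTTLS)
    # 143 # IMAP4 (explicit TLS => STARTTLS)
    # 993 # IMAP4 (implicit TLS)
    # 4190 # Sieve support
    42420 # Vintage Story
    25565 # Minecraft
    1443 # Headscale DERP
    # Additional Jitsi ports are left closed.
    # 4443 # jitsi-jvb
    # 5222 # Jitsi
    # 5347 # Jitsi
    # 5280 # Jitsi
  ];

  networking.nat = {
    enable = true;
    # NOTE(review): forwardPorts rules match traffic arriving on
    # externalInterface. With wireguard0 as the external side, connections
    # arriving on enp0s4 would presumably not be forwarded. Confirm that this
    # orientation is intended.
    internalInterfaces = [ "enp0s4" ];
    # The original was missing the terminating ';' here, which made the module
    # fail to parse.
    externalInterface = "wireguard0";
    forwardPorts = [
      (forward "udp" 3478) # Headscale DERP UDP
      (forward "udp" 10000) # Jitsi
      (forward "tcp" 80) # HTTP
      (forward "tcp" 443) # HTTPS
      (forward "tcp" 42420) # Vintage Story
      (forward "tcp" 25565) # Minecraft
      (forward "tcp" 1443) # Headscale DERP TCP
    ];
  };
}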