configuration.nix/hosts/bifrost/network/firewall.nix

_: {
  systemd.services.nftables.after = [ "wg-quick-Homelab.service" ];
  networking = {
    nftables = {
      enable = true;
      ruleset = ''
        table ip nat {
          chain PREROUTING {
            type nat hook prerouting priority dstnat;
            iifname ens3 tcp dport 22 dnat to 10.10.10.13:2222
          }
          chain POSTROUTING {
            type nat hook postrouting priority srcnat;
            ip daddr 10.10.10.13 masquerade
          };
        }
      '';
    };
  };
}
bifrost: setup NAT for git-over-ssh to forgejo 2024-11-17 11:42:28 +05:30			`_: {`
all: cleanup service dependencies 2024-11-23 00:22:19 +05:30			`systemd.services.nftables.after = [ "wg-quick-Homelab.service" ];`
bifrost: setup NAT for git-over-ssh to forgejo 2024-11-17 11:42:28 +05:30			`networking = {`
			`nftables = {`
			`enable = true;`
			`ruleset = ''`
			`table ip nat {`
			`chain PREROUTING {`
move forgejo to new domain :shrug: 2024-11-19 23:35:28 +05:30			`type nat hook prerouting priority dstnat;`
			`iifname ens3 tcp dport 22 dnat to 10.10.10.13:2222`
bifrost: setup NAT for git-over-ssh to forgejo 2024-11-17 11:42:28 +05:30			`}`
			`chain POSTROUTING {`
move forgejo to new domain :shrug: 2024-11-19 23:35:28 +05:30			`type nat hook postrouting priority srcnat;`
bifrost: setup NAT for git-over-ssh to forgejo 2024-11-17 11:42:28 +05:30			`ip daddr 10.10.10.13 masquerade`
			`};`
			`}`
			`'';`
			`};`
			`};`
			`}`