mirror of https://github.com/mdlayher/homelab.git synced 2024-12-14 11:47:32 +00:00

nixos/routnerr-3: open tailscaled on desktop

Matt Layher 2023-08-23 12:39:32 -04:00
parent 1a48e014e2
commit 1e9519009f
4 changed files with 18 additions and 2 deletions


@ -100,6 +100,7 @@ func main() {
// TODO: this is a hack, we should make a Service type or similar. // TODO: this is a hack, we should make a Service type or similar.
ServerIPv4: server.IPv4, ServerIPv4: server.IPv4,
ServerIPv6: server.IPv6.GUA, ServerIPv6: server.IPv6.GUA,
DesktopIPv4: desktop.IPv4,
DesktopIPv6: desktop.IPv6.GUA, DesktopIPv6: desktop.IPv6.GUA,
Hosts: hosts{ Hosts: hosts{
Servers: []host{ Servers: []host{
@ -257,6 +258,7 @@ func wanIPv6Prefix() netip.Prefix {
type output struct { type output struct {
ServerIPv4 netip.Addr `json:"server_ipv4"` ServerIPv4 netip.Addr `json:"server_ipv4"`
ServerIPv6 netip.Addr `json:"server_ipv6"` ServerIPv6 netip.Addr `json:"server_ipv6"`
DesktopIPv4 netip.Addr `json:"desktop_ipv4"`
DesktopIPv6 netip.Addr `json:"desktop_ipv6"` DesktopIPv6 netip.Addr `json:"desktop_ipv6"`
Hosts hosts `json:"hosts"` Hosts hosts `json:"hosts"`
Interfaces map[string]iface `json:"interfaces"` Interfaces map[string]iface `json:"interfaces"`


@ -1,6 +1,7 @@
{ {
"server_ipv4": "192.168.1.10", "server_ipv4": "192.168.1.10",
"server_ipv6": "2600:6c4a:787f:5e00:6d9:f5ff:fe7e:1c47", "server_ipv6": "2600:6c4a:787f:5e00:6d9:f5ff:fe7e:1c47",
"desktop_ipv4": "192.168.1.7",
"desktop_ipv6": "2600:6c4a:787f:5e00:7656:3cff:fe43:7337", "desktop_ipv6": "2600:6c4a:787f:5e00:7656:3cff:fe43:7337",
"hosts": { "hosts": {
"servers": [ "servers": [


@ -8,6 +8,7 @@ let
server_ipv4 = gen.server_ipv4; server_ipv4 = gen.server_ipv4;
server_ipv6 = gen.server_ipv6; server_ipv6 = gen.server_ipv6;
desktop_ipv4 = gen.desktop_ipv4;
desktop_ipv6 = gen.desktop_ipv6; desktop_ipv6 = gen.desktop_ipv6;
in { in {
@ -17,6 +18,7 @@ in {
inherit server_ipv4; inherit server_ipv4;
inherit server_ipv6; inherit server_ipv6;
inherit desktop_ipv4;
inherit desktop_ipv6; inherit desktop_ipv6;
domain = "lan.servnerr.com"; domain = "lan.servnerr.com";


@ -15,7 +15,10 @@ let
mdns = "5353"; mdns = "5353";
plex = "32400"; plex = "32400";
ssh = "22"; ssh = "22";
tailscale = "41461"; # Different tailscaled ports for different devices to avoid messing with
# poking nftables firewall holes with miniupnpd or similar.
tailscale_router = "41461";
tailscale_desktop = "41642";
wireguard = "51820"; wireguard = "51820";
}; };
@ -119,7 +122,7 @@ in {
# router UDP # router UDP
udp dport { udp dport {
${ports.tailscale}, ${ports.tailscale_router},
${ports.wireguard}, ${ports.wireguard},
} counter accept comment "router WAN UDP" } counter accept comment "router WAN UDP"
@ -240,6 +243,10 @@ in {
ip daddr ${vars.server_ipv4} tcp dport ${ports.plex} counter accept comment "server IPv4 Plex" ip daddr ${vars.server_ipv4} tcp dport ${ports.plex} counter accept comment "server IPv4 Plex"
ip6 daddr ${vars.server_ipv6} tcp dport ${ports.plex} counter accept comment "server IPv6 Plex" ip6 daddr ${vars.server_ipv6} tcp dport ${ports.plex} counter accept comment "server IPv6 Plex"
# Tailscale running on desktop.
ip daddr ${vars.desktop_ipv4} udp dport ${ports.tailscale_desktop} counter accept comment "desktop IPv4 Tailscale"
ip6 daddr ${vars.desktop_ipv6} udp dport ${ports.tailscale_desktop} counter accept comment "desktop IPv6 Tailscale"
counter reject counter reject
} }
@ -267,6 +274,10 @@ in {
${ports.plex}, ${ports.plex},
} dnat ${vars.server_ipv4} comment "server TCPv4 DNAT" } dnat ${vars.server_ipv4} comment "server TCPv4 DNAT"
udp dport {
${ports.tailscale_desktop},
} dnat ${vars.desktop_ipv4} comment "desktop UDPv4 DNAT"
accept accept
} }
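Review bot: The two forward accepts and the DNAT rule added for `tailscale_desktop` match only on destination address and UDP port, so the path from WAN stays open whether or not tailscaled on the desktop is actually bound to 41642, and none of the four files visible in this commit pins the desktop's listen port. I would record that dependency next to the port definition, for example `# Must match the tailscaled listen port set on the desktop; this WAN hole stays open for whatever binds UDP 41642 there.` The new `udp dport { ... } dnat ${vars.desktop_ipv4}` rule also shows no interface or destination-address match of its own; the chain header is outside the hunk, so it is worth confirming the enclosing chain is already limited to WAN ingress, otherwise LAN-originated UDP to that port would be rewritten too. The added comment at the port definitions is hard to parse ("avoid messing with poking ... holes"); `# Use a distinct tailscaled port per device so firewall holes are static rules rather than opened by miniupnpd or similar.` would say the same thing more plainly.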