tulg/nixdots
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

idk and get rid of sstupid warnings ig

Browse source
This commit is contained in:
tulg 2026-05-15 01:15:57 +03:00
parent cb6af5e7c4
commit 2960c1fe90
17 changed files with 207 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/servers/per-host/kittykat/tunnel.nix
View file

@ -14,6 +14,12 @@
# 16261 = main game port
# 16262+ = player ports, using 16262-16272 as a sane test range
# 52015 = extra UDP port your server is listening on
minecraftTcpPorts = [
25565
25566
25567
25568
];
zomboidUdpPorts = [
16261
16262
@ -63,9 +69,11 @@ in {
# Public Zomboid UDP ports on kittykat.
allowedUDPPorts = zomboidUdpPorts;
allowedTCPPorts = minecraftTcpPorts;
# Allow tunnel-side packets too.
interfaces.tun0.allowedUDPPorts = zomboidUdpPorts;
interfaces.tun0.allowedTCPPorts = minecraftTcpPorts;
};
networking.nftables = {
@ -79,6 +87,8 @@ in {
# Public players -> kittykat public IP -> overlord over tun0
iifname "${publicInterface}" udp dport 16261-16272 dnat to ${overlordTunIp}
iifname "${publicInterface}" udp dport 52015 dnat to ${overlordTunIp}:52015
# Minecraft TCP
iifname "${publicInterface}" tcp dport 25565-25570 dnat to ${overlordTunIp}
}
chain postrouting {
@ -89,6 +99,7 @@ in {
# so replies go back through the tunnel instead of overlord's normal internet route.
oifname "tun0" ip daddr ${overlordTunIp} udp dport 16261-16272 snat to ${kittykatTunIp}
oifname "tun0" ip daddr ${overlordTunIp} udp dport 52015 snat to ${kittykatTunIp}
oifname "tun0" ip daddr ${overlordTunIp} tcp dport 25565-25570 snat to ${kittykatTunIp}
}
chain forward {
@ -97,6 +108,9 @@ in {
# Public -> tunnel
iifname "${publicInterface}" oifname "tun0" ip daddr ${overlordTunIp} udp dport 16261-16272 accept
iifname "${publicInterface}" oifname "tun0" ip daddr ${overlordTunIp} udp dport 52015 accept
# Minecraft TCP
iifname "${publicInterface}" oifname "tun0" ip daddr ${overlordTunIp} tcp dport 25565-25570 accept
# Tunnel replies -> public
iifname "tun0" oifname "${publicInterface}" ip saddr ${overlordTunIp} accept