author | Kjetil Orbekk <kj@orbekk.com> | 2023-03-01 16:40:11 -0500 |
committer | Kjetil Orbekk <kj@orbekk.com> | 2023-03-01 16:40:11 -0500 |
commit | 358e456ad77547e525eac6d18c12a09d9ed382eb (patch) | |
tree | 5904b41c443a6b71f0a1bd4817a9f17e79244a12 | |
parent | 1ff6fefe39521844872cb7aad165cf8ee9f6a1cc (diff) |
update
-rw-r--r-- | machines/dragon.nix | 6 | ||||
-rw-r--r-- | modules/router.nix | 8 |
2 files changed, 9 insertions, 5 deletions
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 16ae1cf..317d1b6 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -50,12 +50,13 @@ in {
   services.transmission = {
     enable = true;
-    settings.download-dir = "/storage/upload";
-    settings.peer-port = 55324;
+    home = "/storage/upload";
+    settings.peer-port = 56732;
     settings.rpc-bind-address = "0.0.0.0";
     settings.rpc-whitelist = "172.20.*.*";
   };
   systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
+  users.users.transmission.extraGroups = ["readonly"];
   # services.tailscale.enable = true;
   # virtualisation.lxd.enable = true;
@@ -82,6 +83,7 @@ in {
   networking = { hostName = lib.mkForce "dragon"; };
   networking.firewall.enable = false;
   networking.interfaces.router-vport.useDHCP = true;
+  networking.resolvconf.useLocalResolver = false;
   networking.dhcpcd.enable = true;
   networking.dhcpcd.extraConfig = ''
     clientid dragon
diff --git a/modules/router.nix b/modules/router.nix
index 9251229..ff893df 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -158,6 +158,7 @@ let
         extraConfig = ''
           noipv6rs
           noipv6
+          nohook resolv.conf
           interface wan-vport
           dhcp
         '';
@@ -210,9 +211,10 @@ let
             oifname wan-vport counter accept
             oifname mullvad counter accept
-            ip daddr 172.20.30.2 th dport 9091 counter accept;
+            ip daddr 172.20.30.2 th dport {9091, 56732} counter accept;
             oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_WAN_PORTS counter accept
             iifname lan-vport oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_LAN_PORTS counter accept
+            iifname vpn-vport oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_LAN_PORTS counter accept
             iifname servers-vport counter accept
             counter drop
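Review bot: `users.users.transmission.extraGroups = ["readonly"];` gives the daemon that parses untrusted torrent, tracker and peer data read access to every file the `readonly` group can read, which widens what a transmission compromise exposes; if it only needs one tree, narrow it with `systemd.services.transmission.serviceConfig.ReadOnlyPaths = [ "/storage/..." ];` or a group scoped to that tree, and record the reason, e.g. `# readonly: lets transmission seed files from /storage`. Replacing `settings.download-dir` with `home` also relocates the config directory — if I read the NixOS module right, downloads now land in `/storage/upload/Downloads` and `settings.json` (RPC settings included) under `/storage/upload/.config/transmission-daemon`; if `/storage/upload` is a shared tree, confirm its mode keeps that config private. The RPC stays bound to 0.0.0.0 with only the `172.20.*.*` whitelist and no `rpc-authentication-required` in view, so the netns routing and the router's forward rules are the only controls keeping it off the tunnel side. The enclosing attribute set continues outside the hunk.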
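Review bot: `networking.resolvconf.useLocalResolver = false;` is added without a comment, and its interaction with the transmission service (which the earlier hunk pins to the `vpn` namespace) is the part to confirm: the daemon reads the host's /etc/resolv.conf, so tracker lookups go to whatever DHCP hands out on router-vport, which from inside the namespace is either unreachable or is routed through the tunnel to a resolver outside it. I would state the intent inline, e.g. `# use the DHCP-provided nameserver; a local stub would not be reachable from the vpn netns`, and verify by resolving a name from inside the namespace (`ip netns exec vpn ...`) and checking which resolver answers and via which interface. With `networking.firewall.enable = false;` still set on this host, the peer-port change relies entirely on the router's rules. The `networking.dhcpcd.extraConfig` string runs past the hunk.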
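Review bot: `nohook resolv.conf` keeps dhcpcd from writing ISP-pushed nameservers into the router's /etc/resolv.conf, which is a sound default for a router, but nothing in this hunk supplies the replacement — confirm a static `networking.nameservers` or a local resolver is configured elsewhere, otherwise the router itself has no working DNS after this change. A one-line rationale would help the next reader: `# keep WAN DHCP from replacing /etc/resolv.conf with the ISP's resolvers`. The dhcpcd extraConfig string continues outside the hunk.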
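Review bot: `ip daddr 172.20.30.2 th dport {9091, 56732} counter accept;` admits the transmission RPC port 9091 from any input interface the forward chain sees and, unlike its neighbours, omits `meta l4proto`, so the only thing keeping the whitelist-only RPC off non-LAN paths is the application-level `172.20.*.*` check; I would split it into `iifname lan-vport ip daddr 172.20.30.2 tcp dport 9091 counter accept` and `iifname mullvad ip daddr 172.20.30.2 meta l4proto {tcp, udp} th dport 56732 counter accept`, so each port is accepted only from the interface it is meant for. The added `iifname vpn-vport oifname servers-vport ... $SERVER_LAN_PORTS` rule gives the whole segment that receives inbound internet peers via the mullvad DNAT (presumably where 172.20.30.2 sits) the same reach into the server segment as the LAN; if only that host needs it, add `ip saddr 172.20.30.2` and the specific ports so a compromised torrent host cannot pivot to every server LAN port. The forward chain starts and ends outside the hunk.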
@@ -232,8 +234,8 @@ let
         table inet nat {
           chain prerouting {
             type nat hook prerouting priority -100; policy accept
-            meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.20.2
-            meta nfproto ipv4 iifname vpn-vport tcp dport 55324 dnat to 172.20.30.2
+            meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.30.2
+            meta nfproto ipv4 iifname mullvad tcp dport 56732 dnat to 172.20.30.2
           }
           chain postrouting {
             type nat hook postrouting priority 100; policy accept
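Review bot: `meta nfproto ipv4 iifname mullvad tcp dport 56732 dnat to 172.20.30.2` translates only TCP, but transmission also listens on UDP on its peer port (µTP, and DHT when enabled), so inbound µTP connections and DHT traffic arriving through the tunnel are never forwarded; `meta nfproto ipv4 iifname mullvad meta l4proto {tcp, udp} th dport 56732 dnat to 172.20.30.2` covers both, and the matching forward-chain accept needs the same protocols. Retargeting the WAN `$SERVER_WAN_PORTS` DNAT from 172.20.20.2 to 172.20.30.2 puts the publicly exposed server ports on the same host as the tunnel-exposed torrent client, so a compromise through either now lands on one machine; if that is intentional, a comment naming which services moved would help, e.g. `# server ports now hosted on dragon (172.20.30.2)`. As far as the visible forward rules go, those ports are accepted only with `oifname servers-vport`, so confirm 172.20.30.2 is reached via that interface or the DNATed WAN traffic is dropped by the forward chain. The postrouting chain that follows is outside the hunk.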