nixos/colony: Replicate port forwards for internal routing

2023-12-11 15:05:42 +00:00
parent d9d7a714cd
commit 20a3873d25
5 changed files with 59 additions and 39 deletions
--- a/nixos/boxes/colony/vms/estuary/default.nix
+++ b/nixos/boxes/colony/vms/estuary/default.nix
@@ -2,7 +2,7 @@
 let
  inherit (builtins) elemAt;
  inherit (lib.my) net mkVLAN;
-  inherit (lib.my.c.colony) pubV4 domain prefixes;
+  inherit (lib.my.c.colony) pubV4 domain prefixes firewallForwards;
 in
 {
  nixos = {
@@ -356,31 +356,7 @@ in
                nat = {
                  enable = true;
                  externalInterface = "wan";
-                  forwardPorts."${assignments.internal.ipv4.address}" = [
-                    {
-                      port = "http";
-                      dst = allAssignments.middleman.internal.ipv4.address;
-                    }
-                    {
-                      port = "https";
-                      dst = allAssignments.middleman.internal.ipv4.address;
-                    }
-                    {
-                      port = 8448;
-                      dst = allAssignments.middleman.internal.ipv4.address;
-                    }
-
-                    {
-                      port = 2456;
-                      dst = allAssignments.valheim-oci.internal.ipv4.address;
-                      proto = "udp";
-                    }
-                    {
-                      port = 2457;
-                      dst = allAssignments.valheim-oci.internal.ipv4.address;
-                      proto = "udp";
-                    }
-                  ];
+                  forwardPorts."${assignments.internal.ipv4.address}" = firewallForwards allAssignments;
                };
                extraRules =
                let