devices.vps6: add ssh port forwarding to pc

2026-01-12 02:09:26 +08:00 · 2025-11-05 23:28:53 +08:00
parent b9d727ebee
commit 385142b432
1 changed files with 9 additions and 1 deletions
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -65,11 +65,16 @@ inputs:
    networking.nftables.tables.forward =
    {
      family = "inet";
-      content = let srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.srv2-node0"; in
+      content =
+        let
+          srv2 = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.srv2-node0";
+          pc = inputs.topInputs.self.config.dns."chn.moe".getAddress "tinc0.pc";
+        in
      ''
        chain prerouting {
          type nat hook prerouting priority dstnat; policy accept;
          tcp dport 7011 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
+          tcp dport 7012 fib daddr type local counter meta mark set meta mark | 4 dnat ip to ${pc}:22
        }
        chain output {
          type nat hook output priority dstnat; policy accept;
@@ -77,6 +82,9 @@ inputs:
          meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
            tcp dport 7011 fib daddr type local \
            counter meta mark set meta mark | 4 dnat ip to ${srv2}:22
+          meta skgid != ${builtins.toString inputs.config.users.groups.nginx.gid} \
+            tcp dport 7012 fib daddr type local \
+            counter meta mark set meta mark | 4 dnat ip to ${pc}:22
        }
        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;