MODIFY: port forwarding on semita for tailscale router

2025-01-20 00:07:37 +00:00 · 2025-01-20 00:07:37 +00:00 · 27a5149ad2
parent ecebf8427d
commit 27a5149ad2
2 changed files with 17 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@ -539,11 +539,11 @@
    },
    "nix-secrets": {
      "locked": {
-        "lastModified": 1737313275,
-        "narHash": "sha256-hnEGR+AjIrvnb+gTAZYnVvOdSpUj4amGrCWH2jA4wgM=",
+        "lastModified": 1737328660,
+        "narHash": "sha256-3k8JjxDXFOROez0IXfMTLKQYIbW2zCKOs+Ry0kMfJFQ=",
        "ref": "refs/heads/master",
-        "rev": "e842e11f209c5270627c6666bc3c24dc983d1c6d",
-        "revCount": 241,
+        "rev": "46312b04c97372668c44e95623bb3b91b6027b86",
+        "revCount": 243,
        "type": "git",
        "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
      },
@ -633,11 +633,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1737312124,
-        "narHash": "sha256-eZ4WNkrX/0WZVuJbFatnOeMzIn4sUGs7RmRzU1cDGsI=",
+        "lastModified": 1737325604,
+        "narHash": "sha256-nN3e6WnE6cP4GLbDnDRY/cO1vB3HmWViht7m17vXgOE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8dab93a8c1411065f83fd60db8076dd6908449c3",
+        "rev": "1a0411805bc16f5a9571683e986aa1e583673b50",
        "type": "github"
      },
      "original": {
@ -699,11 +699,11 @@
        "treefmt-nix": "treefmt-nix_3"
      },
      "locked": {
-        "lastModified": 1737312190,
-        "narHash": "sha256-ZD2RCrIM/n90sWCMGEalMqgLnDlRCTrI0kFTGs+yvhI=",
+        "lastModified": 1737324996,
+        "narHash": "sha256-zWmNplzxsbMus2InIAVS9L9O1fscm+SG1XNjMUZxwqQ=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "1fedeccb422c9f109cd9663d0936d020f5e5230b",
+        "rev": "de30640a76ddbada94babffe43f5e457282bed08",
        "type": "github"
      },
      "original": {
--- a/hosts/semita/default.nix
+++ b/hosts/semita/default.nix
@ -80,6 +80,8 @@ in {
    fsType = "ext4";
  };

+  services.tailscale.useRoutingFeatures = "server";
+
  boot = {
    blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
    kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
@ -162,6 +164,11 @@ in {

  programs.fuse.userAllowOther = true;

+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = true;
+    "net.ipv6.conf.all.forwarding" = true;
+  };
+
  networking = {
    hostName = "semita";
    nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"];