port forwarding in gluetun container

2025-01-22 20:08:13 +00:00 · 2025-01-22 20:08:13 +00:00 · 46cc81b5e9
parent acf5706bf6
commit 46cc81b5e9
1 changed files with 20 additions and 9 deletions
--- a/hosts/common/optional/arion-containers/arrstack.nix
+++ b/hosts/common/optional/arion-containers/arrstack.nix
@ -1,5 +1,4 @@
-{config, ...}: 
-let
+{config, ...}: let
  openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
  openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
 in {
@ -8,6 +7,18 @@ in {
    "software/proton/openvpn_user" = {};
  };

+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        6887
+      ];
+      allowedUDPPorts = [
+        6887
+      ];
+    };
+  };
+
  virtualisation.arion = {
    backend = "podman-socket";
    projects.arrstack = {
@ -31,6 +42,7 @@ in {
            VPN_SERVICE_PROVIDER = "protonvpn";
            VPN_TYPE = "openvpn";
            SERVER_COUNTRIES = "Switzerland";
+            VPN_PORT_FORWARDING = "on";
          };
          devices = ["/dev/net/tun:/dev/net/tun"];
        };
@ -52,7 +64,6 @@ in {
          };
          network_mode = "service:gluetun";
        };
-
      };
    };
  };