From 5a3dcbe207323690143fff0f1ebeb4a28f2acfc6 Mon Sep 17 00:00:00 2001
From: Mathias Magnusson
Date: Fri, 24 Oct 2025 20:40:29 +0200
Subject: forward mimer's wireguard port
---
 router.nix | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
(limited to 'router.nix')
diff --git a/router.nix b/router.nix
index 3cca35e..88e2ab7 100644
--- a/router.nix
+++ b/router.nix
@@ -9,12 +9,24 @@ in
 networking = {
 nftables.enable = true;
- firewall.filterForward = true;
+ firewall = {
+ filterForward = true;
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [
+ 53
+ 67
+ ];
+ };
 nat = {
 enable = true;
 externalInterface = wanInterface;
 internalInterfaces = [ "br0" ];
 forwardPorts = [
+ {
+ sourcePort = 51801;
+ destination = "10.69.0.3:51801";
+ proto = "udp";
+ }
 {
 sourcePort = 80;
 destination = "10.69.0.3:80";
@@ -55,7 +67,9 @@ in
 }
 ];
 };
+ nameservers = [ "127.0.0.1" ];
 };
+
 services.hostapd = {
 enable = true;
 radios.${wifiInterface} = {
@@ -106,12 +120,6 @@ in
 ];
 };
 };
- networking.nameservers = [ "127.0.0.1" ];
- networking.firewall.allowedUDPPorts = [
- 53
- 67
- ];
- networking.firewall.allowedTCPPorts = [ 53 ];
 oden.persist.directories = [ "/var/lib/dnsmasq" ];
 age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age;
--
cgit v1.2.3
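Review bot: In the first router.nix hunk the new `firewall` attrset opens TCP 53 and UDP 53/67 through the global `allowedTCPPorts`/`allowedUDPPorts` options, which on NixOS apply to every interface, including `wanInterface`. If DNS and DHCP are meant to serve only the LAN, scoping the rule to the bridge keeps the resolver from answering queries arriving on the WAN side: `firewall.interfaces."br0" = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 67 ]; };`. Whether dnsmasq is already bound to `br0` only is not visible in this patch, so the exposure should be confirmed rather than assumed. The `networking` block continues past the end of the hunk.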