evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(work-vm): NAT to localhost

Browse Source
This commit is contained in:
Evan Reichard
2026-04-15 09:40:39 -04:00
parent 397faba95b
commit c72759d426
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
systems/aarch64-linux/lin-va-mbp-work-vm/default.nix
View File

@@ -14,7 +14,6 @@ in
system.stateVersion = "25.11"; system.stateVersion = "25.11";
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
networking.firewall.trustedInterfaces = [ "enp0s1" ];
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
# System Config # System Config
@@ -53,16 +52,29 @@ in
}; };
}; };
# Trust Interface & NAT All Ports
networking = {
firewall.trustedInterfaces = [ "enp0s1" ];
nftables.enable = true;
nftables.ruleset = ''
table ip nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
iifname "enp0s1" meta l4proto tcp dnat ip to 127.0.0.1
iifname "enp0s1" meta l4proto udp dnat ip to 127.0.0.1
}
}
'';
};
# Allow NAT
boot.kernel.sysctl = {
"net.ipv4.conf.all.route_localnet" = 1;
};
fileSystems."/mnt/host-share" = { fileSystems."/mnt/host-share" = {
device = "share"; device = "share";
fsType = "virtiofs"; fsType = "virtiofs";
options = [ "defaults" ]; options = [ "defaults" ];
}; };
# fileSystems."/home/evanreichard/Development" = {
# device = "/mnt/host-share/Development";
# fsType = "none";
# options = [ "bind" ];
# depends = [ "/mnt/host-share" ];
# };
} }