make natpmp module thing work

2025-10-22 09:26:14 +02:00 · 2025-10-22 09:26:14 +02:00 · d84d25bf0c
commit d84d25bf0c
parent c6df96cfea
3 changed files with 31 additions and 37 deletions
--- a/hosts/nixdesk/default.nix
+++ b/hosts/nixdesk/default.nix
@ -14,7 +14,6 @@
      ./profiles/wireguard.nix
      ./profiles/restic-server.nix
      ./profiles/autologin.nix
-      ./profiles/ssh-public-port-2050.nix

      inputs.impermanence.nixosModules.impermanence
      inputs.stylix.nixosModules.stylix
@ -110,6 +109,16 @@
    '')
  ];

+  own.natpmp-portforward = {
+    enable = true;
+    mappings = [
+      {
+        public = 2050;
+        local = 22;
+      }
+    ];
+  };
+
  nixpkgs.config = {
    # rocmSupport = true;
    allowUnfreePredicate = pkg:
--- a/hosts/nixdesk/profiles/ssh-public-port-2050.nix
+++ b/hosts/nixdesk/profiles/ssh-public-port-2050.nix
@ -1,17 +0,0 @@
-{pkgs, ...}: {
-  systemd.services.ssh-port2050-natpmp = {
-    bindsTo = ["sshd.socket"];
-    after = ["sshd.socket"];
-    wantedBy = ["multi-user.target"];
-    serviceConfig.Restart = "on-failure";
-    serviceConfig.ExecStart = pkgs.writeScript "ssh-port2050-natpmp" ''
-      #!${pkgs.bash}/bin/bash
-
-      while true
-      do
-        ${pkgs.libnatpmp}/bin/natpmpc -a 2050 22 tcp 60
-        ${pkgs.coreutils}/bin/sleep 30
-      done
-    '';
-  };
-}
--- a/modules/natpmp-portforward.nix
+++ b/modules/natpmp-portforward.nix
@ -8,23 +8,25 @@
 in {
  options.own.natpmp-portforward = {
    enable = lib.mkEnableOption "enable natpmp port forwarding service";
-    mappings = lib.types.listOf (lib.types.submodule {
-      options = {
-        public = lib.mkOption {
-          type = lib.types.port;
+    mappings = lib.mkOption {
+      type = lib.types.listOf (lib.types.submodule {
+        options = {
+          public = lib.mkOption {
+            type = lib.types.port;
+          };
+          local = lib.mkOption {
+            type = lib.types.port;
+          };
+          protocol = lib.mkOption {
+            default = "tcp";
+            type = lib.types.enum [
+              "tcp"
+              "udp"
+            ];
+          };
        };
-        private = lib.mkOption {
-          type = lib.types.port;
-        };
-        protocol = lib.mkOption {
-          default = "tcp";
-          type = lib.types.enum [
-            "tcp"
-            "udp"
-          ];
-        };
-      };
-    });
+      });
+    };
  };

  config = lib.mkIf cfg.enable {
@ -35,10 +37,10 @@ in {
        ExecStart = pkgs.writeScript "natpmp-portforward" ''
          #!${pkgs.bash}/bin/bash

-          "${lib.concatMapStrings (x: ''
-              ${pkgs.libnatpmp}/bin/natpmpc -a ${x.public} ${x.private} ${x.protocol} 60
+          ${lib.concatMapStrings (x: ''
+              ${pkgs.libnatpmp}/bin/natpmpc -a ${toString x.public} ${toString x.local} ${x.protocol} 180
            '')
-            cfg.mappings}"
+            cfg.mappings}
        '';
      };
    };