From b1823c1d2cf6c91dc0213e49b720814d1ac11767 Mon Sep 17 00:00:00 2001
From: Grigory Shipunov
Date: Mon, 30 Jan 2023 23:30:48 +0100
Subject: [PATCH] add port forward for music

---
 hosts/cirrus/wireguard-server.nix | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/hosts/cirrus/wireguard-server.nix b/hosts/cirrus/wireguard-server.nix
index 45c3dcb..a869294 100644
--- a/hosts/cirrus/wireguard-server.nix
+++ b/hosts/cirrus/wireguard-server.nix
@@ -1,7 +1,27 @@
 { config, ... }:
 {
- networking.firewall.allowedUDPPorts = [ 51820 51821 ];
+ networking.firewall = {
+ allowedUDPPorts = [
+ # wireguards
+ 51820
+ 51821
+ ];
+ allowedTCPPorts = [
+ # port forward ssh to music
+ 2020
+ ];
+ # port-forward ssh to the music machine
+ extraCommands = ''
+ iptables -t nat -I PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22
+ '';
+ extraStopCommands = ''
+ iptables -t nat -D PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22 || true
+ '';
+ };
+
+ networking.wireguard.enable = true;
+
 systemd.network = {
 # oxalab
 netdevs."oxalab" = {
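Review bot: The DNAT rule in `extraCommands` has no interface or destination match, so TCP/2020 arriving on any interface (presumably including the WireGuard links this host terminates, and traffic merely transiting it) is rewritten to 10.34.45.101:22. Scope it to the uplink in both the insert and the matching delete, e.g. `iptables -t nat -I PREROUTING -i <external-iface> -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22` (placeholder interface name), or express it through `networking.nat.forwardPorts` with `networking.nat.externalInterface` so the module handles scoping and teardown. The `allowedTCPPorts` entry for 2020 opens the port on this host's INPUT path, whereas DNAT'ed packets are routed through FORWARD, so it most likely does not gate the forward at all; whether the forwarded traffic is filtered depends on configuration not visible in this hunk. If cirrus is internet-facing this publishes the music machine's sshd to any source, so a comment next to the rule stating the intended source range and that the target accepts key authentication only would help. The module body continues beyond the end of the hunk.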