From fed866990c2f99e976be232c1daf552d1b643bb3 Mon Sep 17 00:00:00 2001
From: James Walker <walkah@walkah.net>
Date: Fri, 12 Jul 2024 15:09:14 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=20minecraft:=20fix=20nat=20forward?=
 =?UTF-8?q?ing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 modules/minecraft/proxy.nix | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/modules/minecraft/proxy.nix b/modules/minecraft/proxy.nix
index f340f8f..e1610e8 100644
--- a/modules/minecraft/proxy.nix
+++ b/modules/minecraft/proxy.nix
@@ -1,14 +1,32 @@
-{ pkgs, ... }:
+_:
 let
   dest_ip = "100.111.208.75";
+  dest_port = 25565;
 in
 {
-  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-  networking.firewall.allowedTCPPorts = [ 25565 ];
+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ dest_port ];
+    };
+    nat = {
+      enable = true;
+      internalInterfaces = [ "tailscale0" ];
+      externalInterface = "eth0";
+      forwardPorts = [
+        {
+          sourcePort = dest_port;
+          proto = "tcp";
+          destination = "${dest_ip}:${toString dest_port}";
+        }
+      ];
+    };
+  };
 
-  networking.firewall.extraCommands = ''
-    IPTABLES=${pkgs.iptables}/bin/iptables
-    "$IPTABLES" -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination ${dest_ip}:25565
-    "$IPTABLES" -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
-  '';
+  services = {
+    tailscale = {
+      useRoutingFeatures = "server";
+      extraUpFlags = [ "--stateful-filtering=false" ];
+    };
+  };
 }