eve-psr-nix0/nix/system/network.nix

{ config, ... }: {
  networking = {
    hostName = "eve-psr-nix0";
    firewall = {
      allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 ];
      allowedUDPPorts = [ 53 51820 config.services.tailscale.port ];
      extraCommands = ''
        iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE
      '';
      extraStopCommands = ''
        iptables -t nat -D POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE
      '';
    };
    nat.enable = true;
  };
}