From 476cab8c9d1a9f8cde3870af297975567c8a03e8 Mon Sep 17 00:00:00 2001
From: Andreas Schaafsma <andreas@subsonics.nl>
Date: Sat, 28 Feb 2026 16:34:11 +0100
Subject: [PATCH] forward 9090 to vm

---
 .../drivebystation-nix/configuration.nix      | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/systems/x86_64-linux/drivebystation-nix/configuration.nix b/systems/x86_64-linux/drivebystation-nix/configuration.nix
index fed2f2c..66c08f2 100644
--- a/systems/x86_64-linux/drivebystation-nix/configuration.nix
+++ b/systems/x86_64-linux/drivebystation-nix/configuration.nix
@@ -197,11 +197,38 @@
   networking.firewall.allowedTCPPorts = [
     24800 #Synergy
     53317 #localsend
+    3390 #rdp
+    9090
   ];
   networking.firewall.allowedUDPPorts = [
     24800 #Synergy
     53317 #localsend
+    3390 #rdp
+    9090
   ];
+  networking.firewall.trustedInterfaces = [ "virbr0" ];
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "virbr0" ];
+    externalInterface = "enp75s0";
+    extraCommands = ''
+      # MASQUERADE forwarded traffic to VM so it knows how to route back
+      iptables -t nat -A nixos-nat-post -o virbr0 -j MASQUERADE
+    '';
+    forwardPorts = [
+      {
+        sourcePort = 9090;
+        proto = "tcp";
+        destination = "192.168.122.113:9090";
+      }
+      {
+        sourcePort = 9090;
+        proto = "udp";
+        destination = "192.168.122.113:9090";
+      }
+    ];
+  };
+
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;