chia: router: forward port 8444 tcp to tywin

hosts/router.home.ts.hillion.co.uk/default.nix

@@ -95,12 +95,15 @@
                 "eth1",
                 "eth2",
               } ct state established,related counter accept comment "Allow established back to LANs"
+
+              ip daddr 10.64.50.20 tcp dport 8444 counter accept comment "Chia"
             }
           }
 
           table ip nat {
             chain prerouting {
-              type nat hook output priority filter; policy accept;
+              type nat hook prerouting priority filter; policy accept;
+              iifname eth0 tcp dport 8444 counter dnat to 10.64.50.20
             }
 
             chain postrouting {
@@ -144,6 +147,12 @@
             ipAddress = "10.239.19.40";
             hostName = "tasmota-2A867A-1658";
           }
+          {
+            # tywin.storage.ts.hillion.co.uk
+            ethernetAddress = "c8:7f:54:6d:e1:03";
+            ipAddress = "10.64.50.20";
+            hostName = "tywin";
+          }
         ];
       };
     };

hosts/tywin.storage.ts.hillion.co.uk/default.nix

@@ -65,6 +65,7 @@
     };
     custom.chia = {
       enable = true;
+      openFirewall = true;
       path = "/data/chia";
       keyFile = config.age.secrets."chia/farmer.key".path;
       targetAddress = "xch1tl87mjd9zpugs7qy2ysc3j4qlftqlyjn037jywq6v2y4kp22g74qahn6sw";

modules/chia.nix

@@ -23,6 +23,10 @@ in
       type = with lib.types; nullOr (listOf str);
       default = null;
     };
+    openFirewall = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -76,6 +80,10 @@ in
         IOSchedulingPriority = 7;
       };
     };
+
+    networking.firewall = lib.mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 8444 ];
+    };
   };
 }