feat: tweaking torrent vm

systems/ceres/config/networking.nix

@@ -10,35 +10,37 @@ in
 {
   microvm.host.enable = true;
 
-  systemd.network.enable = true;
-
-  systemd.network.netdevs."10-br-vms" = {
-    netdevConfig = {
-      Name = "br-vms";
-      Kind = "bridge";
+  systemd.network = {
+    enable = true;
+    netdevs."10-br-vms" = {
+      netdevConfig = {
+        Name = "br-vms";
+        Kind = "bridge";
+      };
     };
-  };
 
-  systemd.network.networks."20-lan" = {
-    matchConfig.Name = [
-      "enp10s0"
-      "vm-*"
-    ];
-    networkConfig = {
-      Bridge = "br-vms";
+    networks = {
+      "20-lan" = {
+        matchConfig.Name = [
+          "enp10s0"
+          "vm-*"
+        ];
+        networkConfig = {
+          Bridge = "br-vms";
+        };
+      };
+      "30-br-vms" = {
+        matchConfig.Name = "br-vms";
+        networkConfig = {
+          Address = "192.168.50.240/24";
+          Gateway = "192.168.50.1";
+          DNS = [ "192.168.50.1" ];
+        };
+        linkConfig.RequiredForOnline = "routable";
+      };
     };
   };
 
-  systemd.network.networks."30-br-vms" = {
-    matchConfig.Name = "br-vms";
-    networkConfig = {
-      Address = "192.168.50.240/24";
-      Gateway = "192.168.50.1";
-      DNS = [ "192.168.50.1" ];
-    };
-    linkConfig.RequiredForOnline = "routable";
-  };
-
   networking = {
     hostName = ceres.name;
     networkmanager.enable = false;
@@ -59,6 +61,19 @@ in
         wireguardService.ports.port0 # WireGuard
         wireguardService.ports.port1 # WireGuard
       ];
+      # Add port ranges for VPN dynamic port forwarding
+      allowedTCPPortRanges = [
+        {
+          from = 30000;
+          to = 65535;
+        }
+      ];
+      allowedUDPPortRanges = [
+        {
+          from = 30000;
+          to = 65535;
+        }
+      ];
     };
   };