authormakefu <github@syntax-fehler.de>2016-06-14 01:33:20 +0200
committermakefu <github@syntax-fehler.de>2016-06-14 01:33:20 +0200
commitc9a8bdf50f3cb2cd3b70b4669d454910bcd69654 (patch)
treeedecf491921486845294efb2cb66bdb98a63ccc0
parent204c89131c06cfe4d0d9a7f95a3946ec5845818f (diff)
ma 1 dartH: fix nat from tinc
-rw-r--r--makefu/1systems/darth.nix30
1 files changed, 24 insertions, 6 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix
index 2f2358ddc..08ac7e66e 100644
--- a/makefu/1systems/darth.nix
+++ b/makefu/1systems/darth.nix
@@ -17,19 +17,37 @@ in {
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
];
-
- networking.firewall.allowedUDPPorts = [ 80 655 67 ];
- networking.firewall.allowedTCPPorts = [ 80 655 ];
- networking.firewall.checkReversePath = false;
+ services.tinc.networks.siem = {
+ name = "sdarth";
+ extraConfig = "ConnectTo = sjump";
+ };
#networking.firewall.enable = false;
- # virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
- networking.wireless.enable = true;
+ networking = {
+ wireless.enable = true;
+ firewall = {
+ allowPing = true;
+ logRefusedConnections = false;
+ allowedUDPPorts = [ 80 655 67 ];
+ allowedTCPPorts = [ 80 655 ];
+ };
+ nat = {
+ enable = true;
+ internalIPs = [ "10.8.10.0/24" ];
+ #internalInterfaces = [ "tinc.siem" ];
+ externalIP = "10.8.8.2";
+ externalInterface = "virbr3";
+ };
+ interfaces.virbr3.ip4 = [{
+ address = "10.8.8.2";
+ prefixLength = 24;
+ }];
+ };
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
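Review bot: In the new `nat` block the only selector is `internalIPs = [ "10.8.10.0/24" ]`, with `internalInterfaces` left commented out, so translation is keyed on source address alone and is not tied to the tinc link the commit title refers to. Enabling `networking.nat` also turns on IPv4 forwarding for the whole host, and as far as I know the `networking.firewall` options set here (`allowedTCPPorts`, `allowedUDPPorts`) only govern traffic addressed to the host itself, so forwarding between retiolum, the wireless interface and virbr3 is presumably unrestricted unless it is limited elsewhere. If only the tinc peers are meant to be translated, select by `internalInterfaces` instead of by address, or add a comment on the commented-out line saying why the address match was chosen. `logRefusedConnections = false;` removes the refused-connection log lines on a host that now routes between networks; a short comment such as `# refused-connection logging disabled: <reason>` would tell the next reader whether that is deliberate. The enclosing attribute set opens and closes outside this hunk.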