diff options
author | makefu <github@syntax-fehler.de> | 2016-06-14 01:33:20 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-06-14 01:33:20 +0200 |
commit | c9a8bdf50f3cb2cd3b70b4669d454910bcd69654 (patch) | |
tree | edecf491921486845294efb2cb66bdb98a63ccc0 | |
parent | 204c89131c06cfe4d0d9a7f95a3946ec5845818f (diff) |
ma 1 dartH: fix nat from tinc
-rw-r--r-- | makefu/1systems/darth.nix | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 2f2358ddc..08ac7e66e 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -17,19 +17,37 @@ in { ../2configs/exim-retiolum.nix ../2configs/virtualization.nix ]; - - networking.firewall.allowedUDPPorts = [ 80 655 67 ]; - networking.firewall.allowedTCPPorts = [ 80 655 ]; - networking.firewall.checkReversePath = false; + services.tinc.networks.siem = { + name = "sdarth"; + extraConfig = "ConnectTo = sjump"; + }; #networking.firewall.enable = false; - # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; - networking.wireless.enable = true; + networking = { + wireless.enable = true; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedUDPPorts = [ 80 655 67 ]; + allowedTCPPorts = [ 80 655 ]; + }; + nat = { + enable = true; + internalIPs = [ "10.8.10.0/24" ]; + #internalInterfaces = [ "tinc.siem" ]; + externalIP = "10.8.8.2"; + externalInterface = "virbr3"; + }; + interfaces.virbr3.ip4 = [{ + address = "10.8.8.2"; + prefixLength = 24; + }]; + }; # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; |