Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2019-01-28 08:32:05 +0100
committer: makefu <github@syntax-fehler.de> 2019-01-28 08:32:05 +0100
commit: 7bc36518d1afc1050994e0806477fed2c8fa45da (patch)
tree: f801d55e368f7ce7c10a97482808eeab9491f45f /lass/1systems/prism
parent: 0c25e9790578821a1038831ea852c6bfbc83ff97 (diff)
parent: 56a0b3f0020b4465d1f1d573e5d427d8c702fd86 (diff)
2 files changed, 23 insertions, 6 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index df2778bef..23746d210 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -36,10 +36,10 @@ with import <stockholm/lib>;
       # TODO write function for proxy_pass (ssl/nonssl)
 
       krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+        { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
       ];
       krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+        { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
       ];
     }
     {
@@ -379,6 +379,7 @@ with import <stockholm/lib>;
           name = "download";
           home = "/var/download";
           useDefaultShell = true;
+          uid = genid "download";
           openssh.authorizedKeys.keys = with config.krebs.users; [
             lass.pubkey
             lass-shodan.pubkey
@@ -420,6 +421,16 @@ with import <stockholm/lib>;
          { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; }
       ];
     }
+    {
+      nix.trustedUsers = [ "Mic92" ];
+      users.users.Mic92 = {
+        uid = genid_uint31 "Mic92";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          config.krebs.users.Mic92.pubkey
+        ];
+      };
+    }
   ];
 
   krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index a2b5efb29..9a84e9d63 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -63,9 +63,15 @@
     defaultGateway = "95.216.1.129";
     # Use google's public DNS server
     nameservers = [ "8.8.8.8" ];
-    interfaces.eth0 = {
-      ipAddress = "95.216.1.150";
-      prefixLength = 26;
-    };
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "95.216.1.150";
+        prefixLength = 26;
+      }
+      {
+        address = "95.216.1.130";
+        prefixLength = 26;
+      }
+    ];
   };
 }
author	makefu <github@syntax-fehler.de>	2019-01-28 08:32:05 +0100
committer	makefu <github@syntax-fehler.de>	2019-01-28 08:32:05 +0100
commit	7bc36518d1afc1050994e0806477fed2c8fa45da (patch)
tree	f801d55e368f7ce7c10a97482808eeab9491f45f /lass/1systems/prism
parent	0c25e9790578821a1038831ea852c6bfbc83ff97 (diff)
parent	56a0b3f0020b4465d1f1d573e5d427d8c702fd86 (diff)