summaryrefslogtreecommitdiffstats
path: root/lass/1systems
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-11-29 19:54:28 +0100
committertv <tv@krebsco.de>2022-11-29 19:54:28 +0100
commit43428ccca56bdf10572f1c93ebafa82cfdf7dbf5 (patch)
treeb6c79e4f047ccb8842c9e5f7b73688ccbc5ff053 /lass/1systems
parent5c05e2a9b68b01e1f0f69a1e4414bce21a801f1f (diff)
parent32b23666d15861f6f4d8b1f522ee53d4f21fabb6 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems')
-rw-r--r--lass/1systems/prism/config.nix18
-rw-r--r--lass/1systems/prism/physical.nix18
2 files changed, 12 insertions, 24 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 62c6f0b71..7bffc39aa 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,6 @@ with import <stockholm/lib>;
];
}
{ # TODO make new hfos.nix out of this vv
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
uid = genid_uint31 "riot";
isNormalUser = true;
@@ -33,23 +32,10 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
- packages = [
- (pkgs.writeDashBin "kick-routing" ''
- /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '')
- ];
};
- security.sudo.extraConfig = ''
- riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
-
- # TODO write function for proxy_pass (ssl/nonssl)
-
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
+ { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
];
}
{
diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix
index 151cfbf41..027a27b2b 100644
--- a/lass/1systems/prism/physical.nix
+++ b/lass/1systems/prism/physical.nix
@@ -78,29 +78,31 @@
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
- boot.kernelParams = [ "net.ifnames=0" ];
+ # we don't pay for power there and this might solve a problem we observed at least once
+ # https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben
+ boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
networking.dhcpcd.enable = false;
+
+ # bridge config
+ networking.bridges."ext-br".interfaces = [ "eth0" ];
networking = {
hostId = "2283aaae";
defaultGateway = "95.216.1.129";
- defaultGateway6 = { address = "fe80::1"; interface = "eth0"; };
+ defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
# Use google's public DNS server
nameservers = [ "8.8.8.8" ];
- interfaces.eth0.ipv4.addresses = [
+ interfaces.ext-br.ipv4.addresses = [
{
address = "95.216.1.150";
prefixLength = 26;
}
- {
- address = "95.216.1.130";
- prefixLength = 26;
- }
];
- interfaces.eth0.ipv6.addresses = [
+ interfaces.ext-br.ipv6.addresses = [
{
address = "2a01:4f9:2a:1e9::1";
prefixLength = 64;
}
];
};
+
}