diff options
| author | makefu <github@syntax-fehler.de> | 2016-12-28 03:40:28 +0100 |
|---|---|---|
| committer | makefu <github@syntax-fehler.de> | 2016-12-28 03:40:28 +0100 |
| commit | c422632d0370f15d4f0b0a5ce35e79a90e49740c (patch) | |
| tree | ba271e34c75085970889d62dfc76e12b4c5a1374 /lass/2configs/hfos.nix | |
| parent | 096d83fe893f5134be957bf6dfe3da99e038e8a5 (diff) | |
| parent | 0d61093e18929e48ebfd984c1e0f2b6b1f0c6c58 (diff) | |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/2configs/hfos.nix')
| -rw-r--r-- | lass/2configs/hfos.nix | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix new file mode 100644 index 000000000..f6f09e226 --- /dev/null +++ b/lass/2configs/hfos.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +{ + users.users.riot = { + uid = genid "riot"; + isNormalUser = true; + extraGroups = [ "libvirtd" ]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5NnADMRySix1kcxQwseHfem/SCDmkbvwc+ZZu7HFz4zss1k4Fh1knsukMY83zlno8p/8bBPWyixLTxuZHNy26af8GP95bvV3brnpRmrijkE4dOlpd+wvPcIyTKNunJvMzNDP/ry9g2GczEZKGWvQZudq/nI54HaCaRWM2kzEMEg8Rr9SGlZEKo8B+8HGVsz1a8USOnm8dqYP9dmfLdpy/s+7yWJSPh8wokvWeOOrahirOhO99ZfXm2gcdHqSKvbD2+4EYEm5w8iFrbYBT2wZ3u9ZOiooL/JuEBBdnDrcqZqeaTw0vOdKPvkUP8/rzRjvIwSkynMSD8fixpdGRNeIB riot@lagrange" + config.krebs.users.lass.pubkey + ]; + }; + + networking.interfaces.et0.ip4 = [ + { + address = "213.239.205.246"; + prefixLength = 24; + } + ]; + + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; } + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; } + { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; } + ]; + + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; } + ]; +} |