Merge remote-tracking branch 'prism/lassulus'

author: tv <tv@krebsco.de> 2017-01-05 19:13:29 +0100
committer: tv <tv@krebsco.de> 2017-01-05 19:13:29 +0100
commit: 62372f917e483bffb78d7e8560a667221e2a160d (patch)
tree: 622b5117a7b70d4998e9e976340647359c21288e /lass/2configs/makefu-sip.nix
parent: 0d4911ce2f7b44af8e04bfd37f25593aa1c33eda (diff)
parent: 2e9d5f604c32c9c938a90c3211d5b7726d17f9ee (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/lass/2configs/makefu-sip.nix b/lass/2configs/makefu-sip.nix
new file mode 100644
index 000000000..9d2e9b696
--- /dev/null
+++ b/lass/2configs/makefu-sip.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  users.users.makefu = {
+    uid = genid "makefu";
+    isNormalUser = true;
+    extraGroups = [ "libvirtd" ];
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.makefu.pubkey
+    ];
+  };
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 10022"; target = "DNAT --to-destination 192.168.122.136:22"; }
+  ];
+
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.136 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+  ];
+}
author	tv <tv@krebsco.de>	2017-01-05 19:13:29 +0100
committer	tv <tv@krebsco.de>	2017-01-05 19:13:29 +0100
commit	62372f917e483bffb78d7e8560a667221e2a160d (patch)
tree	622b5117a7b70d4998e9e976340647359c21288e /lass/2configs/makefu-sip.nix
parent	0d4911ce2f7b44af8e04bfd37f25593aa1c33eda (diff)
parent	2e9d5f604c32c9c938a90c3211d5b7726d17f9ee (diff)