l: add & import makefu-sip config

author: lassulus <lass@lassul.us> 2016-12-29 18:15:41 +0100
committer: lassulus <lass@lassul.us> 2016-12-29 18:15:41 +0100
commit: 88c6a1ddc699e92142d32051381ca843d037a60c (patch)
tree: 571af760cdf707374d8fe41f45b3d05ab0b96d36 /lass
parent: ecc89618f8fc127ea4e51cfd56858d30c381eabb (diff)
2 files changed, 22 insertions, 0 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 39026d10..854c98f4 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -26,6 +26,7 @@ in {
     ../2configs/iodined.nix
     ../2configs/libvirt.nix
     ../2configs/hfos.nix
+    ../2configs/makefu-sip.nix
     {
       users.extraGroups = {
         # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
diff --git a/lass/2configs/makefu-sip.nix b/lass/2configs/makefu-sip.nix
new file mode 100644
index 00000000..9d2e9b69
--- /dev/null
+++ b/lass/2configs/makefu-sip.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  users.users.makefu = {
+    uid = genid "makefu";
+    isNormalUser = true;
+    extraGroups = [ "libvirtd" ];
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.makefu.pubkey
+    ];
+  };
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 10022"; target = "DNAT --to-destination 192.168.122.136:22"; }
+  ];
+
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.136 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+  ];
+}
author	lassulus <lass@lassul.us>	2016-12-29 18:15:41 +0100
committer	lassulus <lass@lassul.us>	2016-12-29 18:15:41 +0100
commit	88c6a1ddc699e92142d32051381ca843d037a60c (patch)
tree	571af760cdf707374d8fe41f45b3d05ab0b96d36 /lass
parent	ecc89618f8fc127ea4e51cfd56858d30c381eabb (diff)