Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/gg23.nix | 24 | ||||
-rw-r--r-- | lass/2configs/riot.nix | 14 |
2 files changed, 30 insertions, 8 deletions
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 51db9a40a..1af2fa226 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -2,9 +2,11 @@ with import <stockholm/lib>; { + # ipv6 from vodafone is really really flaky + boot.kernel.sysctl."net.ipv6.conf.et0.disable_ipv6" = 1; systemd.network.networks."50-et0" = { matchConfig.Name = "et0"; - DHCP = "yes"; + DHCP = "ipv4"; # dhcpV4Config.UseDNS = false; # dhcpV6Config.UseDNS = false; linkConfig = { @@ -23,14 +25,15 @@ with import <stockholm/lib>; # Managed = true; # }; }; + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; systemd.network.networks."50-int0" = { name = "int0"; address = [ "10.42.0.1/24" ]; networkConfig = { - IPForward = "yes"; - IPMasquerade = "both"; + # IPForward = "yes"; + # IPMasquerade = "both"; ConfigureWithoutCarrier = true; DHCPServer = "yes"; # IPv6SendRA = "yes"; @@ -49,9 +52,16 @@ with import <stockholm/lib>; krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; } + ]; networking.domain = "gg23"; + networking.useHostResolvConf = false; + services.resolved.extraConfig = '' + DNSStubListener=no + ''; services.dnsmasq = { enable = true; resolveLocalQueries = false; @@ -64,4 +74,12 @@ with import <stockholm/lib>; interface=int0 ''; }; + + environment.systemPackages = [ + (pkgs.writers.writeDashBin "restart_router" '' + ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m OFF + sleep 2 + ${pkgs.mosquitto}/bin/mosquitto_pub -h localhost -t 'cmnd/router/POWER' -u gg23 -P gg23-mqtt -m ON + '') + ]; } diff --git a/lass/2configs/riot.nix b/lass/2configs/riot.nix index 559e7b20d..6aacec5b6 100644 --- a/lass/2configs/riot.nix +++ b/lass/2configs/riot.nix 
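Review bot: The new POSTROUTING rule in the `@@ -49,9 +52,16 @@` hunk of gg23.nix masquerades every packet sourced from 10.42.0.0/24 regardless of the interface it leaves on. Traffic routed from the LAN to other internal or tunnel interfaces is therefore rewritten to this host's address as well, and the original client address is lost for logging and per-host filtering on the far side. Assuming et0 is the uplink (it is the DHCP client interface in the first hunk), scope the rule to it: `{ v6 = false; predicate = "-s 10.42.0.0/24 -o et0"; target = "MASQUERADE"; }`. Because `net.ipv4.ip_forward` is now enabled globally in the preceding hunk, also confirm that the filter FORWARD chain, which is not visible here, admits only int0-to-et0 traffic and established return traffic.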
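Review bot: The `restart_router` script in the last gg23.nix hunk hard-codes the MQTT credentials (`-u gg23 -P gg23-mqtt`), which puts them in the repository history and in the Nix store, where the generated script is world-readable. They are also visible in the process list to any local user while `mosquitto_pub` runs. The topic power-cycles the router, so anyone who learns the password and can reach the broker can drop the uplink. Read the password at run time from a root-only file provisioned outside the store, e.g. `-P "$(cat /path/to/mqtt-password)"` (placeholder path), or better from mosquitto_pub's per-user config file so it stays off argv too. The password should be rotated, since the current value is already committed.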
@@ -31,27 +31,31 @@ privateNetwork = true; hostAddress = "10.233.1.1"; localAddress = "10.233.1.2"; - forwardPorts = [ - { hostPort = 45622; containerPort = 22; } - ]; }; systemd.network.networks."50-ve-riot" = { matchConfig.Name = "ve-riot"; networkConfig = { - IPForward = "yes"; # weirdly we have to use POSTROUTING MASQUERADE here + # and set ip_forward manually + # IPForward = "yes"; # IPMasquerade = "both"; LinkLocalAddressing = "no"; KeepConfiguration = "static"; }; }; - # networking.nat can be used instead of this + boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkDefault 1; + krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s ${config.containers.riot.localAddress}"; target = "MASQUERADE"; } ]; + + # networking.nat can be used instead of this + krebs.iptables.tables.nat.PREROUTING.rules = [ + { predicate = "-p tcp --dport 45622"; target = "DNAT --to-destination ${config.containers.riot.localAddress}:22"; v6 = false; } + ]; krebs.iptables.tables.filter.FORWARD.rules = [ { predicate = "-i ve-riot"; target = "ACCEPT"; } { predicate = "-o ve-riot"; target = "ACCEPT"; } |
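Review bot: The PREROUTING DNAT rule that replaces `forwardPorts` matches only `-p tcp --dport 45622`, with no inbound interface or destination address. It therefore publishes the container's SSH on every interface of the host, and it also rewrites forwarded connections to port 45622 on any other destination that pass through this machine. Constrain it to the intended ingress, for example `predicate = "-i <uplink-if> -p tcp --dport 45622";` (placeholder interface name) or a `-d <host-address>` match. The unchanged FORWARD rules accept all traffic to and from ve-riot, so once forwarding is on, this predicate is the only thing limiting who reaches port 22 in the container. The rule list continues past the end of the hunk, so later FORWARD entries may tighten this.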