stockholm/lass/2configs/hfos.nix

42 lines
2.3 KiB
Nix
Raw Normal View History

2016-12-26 13:23:52 +00:00
{ config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
users.users.riot = {
uid = genid "riot";
isNormalUser = true;
extraGroups = [ "libvirtd" ];
openssh.authorizedKeys.keys = [
2017-01-10 18:18:11 +00:00
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
2016-12-26 13:23:52 +00:00
config.krebs.users.lass.pubkey
];
};
networking.interfaces.et0.ip4 = [
{
address = "213.239.205.246";
prefixLength = 24;
}
];
krebs.iptables.tables.nat.PREROUTING.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
2017-01-09 16:13:24 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
2016-12-27 00:20:57 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
2016-12-26 13:23:52 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
krebs.iptables.tables.filter.FORWARD.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
2017-01-09 16:13:24 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
2016-12-27 00:20:57 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
2016-12-26 13:23:52 +00:00
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
];
2017-02-14 12:20:14 +00:00
krebs.iptables.tables.nat.OUTPUT.rules = [
{ v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
];
systemd.services.krebs-iptables.after = [ "libvirtd.service" ];
2016-12-26 13:23:52 +00:00
}