Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ma 1 dartH: fix nat from tinc

Browse Source
This commit is contained in:
makefu 2016-06-14 01:33:20 +02:00
parent 204c89131c
commit c9a8bdf50f
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
1 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
makefu/1systems/darth.nix
View File

@ -17,19 +17,37 @@ in {
../2configs/exim-retiolum.nix
../2configs/virtualization.nix
];
networking.firewall.allowedUDPPorts = [ 80 655 67 ];
networking.firewall.allowedTCPPorts = [ 80 655 ];
networking.firewall.checkReversePath = false;
services.tinc.networks.siem = {
name = "sdarth";
extraConfig = "ConnectTo = sjump";
};
#networking.firewall.enable = false;
# virtualisation.nova.enableSingleNode = true;
krebs.retiolum.enable = true;
boot.kernelModules = [ "coretemp" "f71882fg" ];
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking.wireless.enable = true;
networking = {
wireless.enable = true;
firewall = {
allowPing = true;
logRefusedConnections = false;
allowedUDPPorts = [ 80 655 67 ];
allowedTCPPorts = [ 80 655 ];
};
nat = {
enable = true;
internalIPs = [ "10.8.10.0/24" ];
#internalInterfaces = [ "tinc.siem" ];
externalIP = "10.8.8.2";
externalInterface = "virbr3";
};
interfaces.virbr3.ip4 = [{
address = "10.8.8.2";
prefixLength = 24;
}];
};
# TODO smartd omo darth gum all-in-one
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;