l prism.r: simplify networking
parent
c345613cf0
commit
dae12b6893
@ -25,7 +25,6 @@ with import <stockholm/lib>;
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{ # TODO make new hfos.nix out of this vv
|
{ # TODO make new hfos.nix out of this vv
|
||||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
|
||||||
users.users.riot = {
|
users.users.riot = {
|
||||||
uid = genid_uint31 "riot";
|
uid = genid_uint31 "riot";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
@ -33,23 +32,10 @@ with import <stockholm/lib>;
|
|||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
|
||||||
];
|
];
|
||||||
packages = [
|
|
||||||
(pkgs.writeDashBin "kick-routing" ''
|
|
||||||
/run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
|
|
||||||
'')
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
security.sudo.extraConfig = ''
|
|
||||||
riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
|
|
||||||
'';
|
|
||||||
|
|
||||||
# TODO write function for proxy_pass (ssl/nonssl)
|
|
||||||
|
|
||||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
|
{ v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
|
||||||
];
|
{ v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
|
||||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
|
||||||
{ v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
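Review bot: The two new FORWARD rules accept everything to and from 95.216.1.130 with no interface, protocol or connection-state match, so the host firewall does not filter that address at all, and the `--source` rule matches on a claimed source address alone. If 95.216.1.130 is now a bridged guest (inferred from the removed DNAT rule and the bridge added elsewhere in this commit), these rules only see its traffic when bridged frames are handed to iptables, and the guest has to carry its own firewall. I would say so next to the rules, for example `# 95.216.1.130 is a bridged guest; the host does not filter it, the guest must firewall itself`, and tie each rule to the bridge with a predicate such as `-i ext-br --source 95.216.1.130`. The commit also drops `boot.kernel.sysctl."net.ipv4.ip_forward" = 1` while keeping FORWARD rules, so it is worth confirming that nothing else on the host still relies on routed forwarding.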
|
@ -78,29 +78,31 @@
|
|||||||
boot.loader.grub.version = 2;
|
boot.loader.grub.version = 2;
|
||||||
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
|
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
|
||||||
|
|
||||||
boot.kernelParams = [ "net.ifnames=0" ];
|
# we don't pay for power there and this might solve a problem we observed at least once
|
||||||
|
# https://www.thomas-krenn.com/de/wiki/PCIe_Bus_Error_Status_00001100_beheben
|
||||||
|
boot.kernelParams = [ "pcie_aspm=off" "net.ifnames=0" ];
|
||||||
networking.dhcpcd.enable = false;
|
networking.dhcpcd.enable = false;
|
||||||
|
|
||||||
|
# bridge config
|
||||||
|
networking.bridges."ext-br".interfaces = [ "eth0" ];
|
||||||
networking = {
|
networking = {
|
||||||
hostId = "2283aaae";
|
hostId = "2283aaae";
|
||||||
defaultGateway = "95.216.1.129";
|
defaultGateway = "95.216.1.129";
|
||||||
defaultGateway6 = { address = "fe80::1"; interface = "eth0"; };
|
defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
|
||||||
# Use google's public DNS server
|
# Use google's public DNS server
|
||||||
nameservers = [ "8.8.8.8" ];
|
nameservers = [ "8.8.8.8" ];
|
||||||
interfaces.eth0.ipv4.addresses = [
|
interfaces.ext-br.ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "95.216.1.150";
|
address = "95.216.1.150";
|
||||||
prefixLength = 26;
|
prefixLength = 26;
|
||||||
}
|
}
|
||||||
{
|
|
||||||
address = "95.216.1.130";
|
|
||||||
prefixLength = 26;
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
interfaces.eth0.ipv6.addresses = [
|
interfaces.ext-br.ipv6.addresses = [
|
||||||
{
|
{
|
||||||
address = "2a01:4f9:2a:1e9::1";
|
address = "2a01:4f9:2a:1e9::1";
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
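Review bot: Enslaving `eth0` to `ext-br` puts every interface that later joins the bridge on the same layer-2 segment as the uplink, and nothing in this section limits which MAC or IP addresses such a port may use. A guest attached to the bridge could then answer for the host's own addresses (`95.216.1.150`, `2a01:4f9:2a:1e9::1`) unless that is filtered at the bridge or in the hypervisor's port configuration, which this page does not show. The `# bridge config` comment should state the intent and the constraint, e.g. `# ext-br bridges guests directly onto the uplink; guest ports must be pinned to their assigned MAC/IP`. The enclosing module starts outside the hunk.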