diff options
author | lassulus <lassulus@lassul.us> | 2018-04-20 23:30:19 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2018-04-20 23:37:15 +0200 |
commit | e77030e772899bcc747568752cdb2a997a6972bf (patch) | |
tree | f79a258bd1ac6d258f3d730110f07f1fb5150e11 | |
parent | b0678507404bba2c12df39c1d21431ddd9102fcb (diff) |
l prism.r: use iptables for hackerfleet
-rw-r--r-- | lass/1systems/prism/config.nix | 30 |
1 files changed, 7 insertions, 23 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c0e4620cc..e937db83a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -110,29 +110,13 @@ in { }; # TODO write function for proxy_pass (ssl/nonssl) - services.nginx.virtualHosts."hackerfleet.de" = { - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:80; - ''; - }; - services.nginx.virtualHosts."hackerfleet.de-s" = { - serverName = "hackerfleet.de"; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - } - ]; - serverAliases = [ - "*.hackerfleet.de" - ]; - locations."/".extraConfig = '' - proxy_pass http://192.168.122.92:443; - ''; - }; + + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; } + ]; } { users.users.tv = { |