summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2018-04-20 23:30:19 +0200
committerlassulus <lassulus@lassul.us>2018-04-20 23:37:15 +0200
commite77030e772899bcc747568752cdb2a997a6972bf (patch)
treef79a258bd1ac6d258f3d730110f07f1fb5150e11
parentb0678507404bba2c12df39c1d21431ddd9102fcb (diff)
l prism.r: use iptables for hackerfleet
-rw-r--r--lass/1systems/prism/config.nix30
1 files changed, 7 insertions, 23 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index c0e4620cc..e937db83a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -110,29 +110,13 @@ in {
};
# TODO write function for proxy_pass (ssl/nonssl)
- services.nginx.virtualHosts."hackerfleet.de" = {
- serverAliases = [
- "*.hackerfleet.de"
- ];
- locations."/".extraConfig = ''
- proxy_pass http://192.168.122.92:80;
- '';
- };
- services.nginx.virtualHosts."hackerfleet.de-s" = {
- serverName = "hackerfleet.de";
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- }
- ];
- serverAliases = [
- "*.hackerfleet.de"
- ];
- locations."/".extraConfig = ''
- proxy_pass http://192.168.122.92:443;
- '';
- };
+
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ ];
}
{
users.users.tv = {