summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism/config.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-04-24 19:28:09 +0200
committertv <tv@krebsco.de>2018-04-24 19:28:09 +0200
commit21053de317e838c06a20425bdb3e81b7ac132d83 (patch)
treed722f9c2a525d6d66310da5e86dbcff73c79672a /lass/1systems/prism/config.nix
parent0fe9b28302c905523f2ecefadfd167e1547785f9 (diff)
parentc99e8256b223761eb50cf5d6841ab64f989851c3 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r--lass/1systems/prism/config.nix36
1 files changed, 12 insertions, 24 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index c0e4620cc..983604f8e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -8,11 +8,15 @@ in {
imports = [
<stockholm/lass>
{
- networking.interfaces.et0.ip4 = [
+ networking.interfaces.et0.ipv4.addresses = [
{
address = ip;
prefixLength = 27;
}
+ {
+ address = "46.4.114.243";
+ prefixLength = 27;
+ }
];
networking.defaultGateway = "46.4.114.225";
networking.nameservers = [
@@ -110,29 +114,13 @@ in {
};
# TODO write function for proxy_pass (ssl/nonssl)
- services.nginx.virtualHosts."hackerfleet.de" = {
- serverAliases = [
- "*.hackerfleet.de"
- ];
- locations."/".extraConfig = ''
- proxy_pass http://192.168.122.92:80;
- '';
- };
- services.nginx.virtualHosts."hackerfleet.de-s" = {
- serverName = "hackerfleet.de";
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- }
- ];
- serverAliases = [
- "*.hackerfleet.de"
- ];
- locations."/".extraConfig = ''
- proxy_pass http://192.168.122.92:443;
- '';
- };
+
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.92"; target = "ACCEPT"; }
+ ];
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 46.4.114.243"; target = "DNAT --to-destination 192.168.122.92"; }
+ ];
}
{
users.users.tv = {