summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism/config.nix
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2022-11-24 17:15:14 +0100
committerlassulus <lassulus@lassul.us>2022-11-24 17:15:14 +0100
commitdae12b6893a1d28e8bcb1fe3fb9ee8757bbfbed4 (patch)
treea406ba8a91984054781e339f6815a955699832bc /lass/1systems/prism/config.nix
parentc345613cf0868c7835821f395aacdc0d135557c7 (diff)
l prism.r: simplify networking
Diffstat (limited to 'lass/1systems/prism/config.nix')
-rw-r--r--lass/1systems/prism/config.nix18
1 files changed, 2 insertions, 16 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 62c6f0b71..7bffc39aa 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -25,7 +25,6 @@ with import <stockholm/lib>;
];
}
{ # TODO make new hfos.nix out of this vv
- boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
users.users.riot = {
uid = genid_uint31 "riot";
isNormalUser = true;
@@ -33,23 +32,10 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
];
- packages = [
- (pkgs.writeDashBin "kick-routing" ''
- /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '')
- ];
};
- security.sudo.extraConfig = ''
- riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
-
- # TODO write function for proxy_pass (ssl/nonssl)
-
krebs.iptables.tables.filter.FORWARD.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 192.168.122.141"; target = "ACCEPT"; }
- ];
- krebs.iptables.tables.nat.PREROUTING.rules = [
- { v6 = false; precedence = 1000; predicate = "-d 95.216.1.130"; target = "DNAT --to-destination 192.168.122.141"; }
+ { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
+ { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
];
}
{