diff options
author | lassulus <lass@aidsballs.de> | 2016-06-14 09:54:02 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-06-14 09:54:02 +0200 |
commit | d5cfc4bf1992f566044861b220243be20d31491c (patch) | |
tree | e056a8c441904db72618a09bf7fb5d5c8beec3af /makefu/1systems/darth.nix | |
parent | 371750b8d8a031694e2ffa368f787bfcdb2a9d46 (diff) | |
parent | eb710a17e28bbec2a4f7877533f101fa78ece209 (diff) |
Merge remote-tracking branch 'wolf/master'
Diffstat (limited to 'makefu/1systems/darth.nix')
-rw-r--r-- | makefu/1systems/darth.nix | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/makefu/1systems/darth.nix b/makefu/1systems/darth.nix index 2f2358ddc..08ac7e66e 100644 --- a/makefu/1systems/darth.nix +++ b/makefu/1systems/darth.nix @@ -17,19 +17,37 @@ in { ../2configs/exim-retiolum.nix ../2configs/virtualization.nix ]; - - networking.firewall.allowedUDPPorts = [ 80 655 67 ]; - networking.firewall.allowedTCPPorts = [ 80 655 ]; - networking.firewall.checkReversePath = false; + services.tinc.networks.siem = { + name = "sdarth"; + extraConfig = "ConnectTo = sjump"; + }; #networking.firewall.enable = false; - # virtualisation.nova.enableSingleNode = true; krebs.retiolum.enable = true; boot.kernelModules = [ "coretemp" "f71882fg" ]; hardware.enableAllFirmware = true; nixpkgs.config.allowUnfree = true; - networking.wireless.enable = true; + networking = { + wireless.enable = true; + firewall = { + allowPing = true; + logRefusedConnections = false; + allowedUDPPorts = [ 80 655 67 ]; + allowedTCPPorts = [ 80 655 ]; + }; + nat = { + enable = true; + internalIPs = [ "10.8.10.0/24" ]; + #internalInterfaces = [ "tinc.siem" ]; + externalIP = "10.8.8.2"; + externalInterface = "virbr3"; + }; + interfaces.virbr3.ip4 = [{ + address = "10.8.8.2"; + prefixLength = 24; + }]; + }; # TODO smartd omo darth gum all-in-one services.smartd.devices = builtins.map (x: { device = x; }) allDisks; |