Diffstat (limited to 'lass/2configs/hfos.nix')
-rw-r--r--lass/2configs/hfos.nix47
1 files changed, 0 insertions, 47 deletions
diff --git a/lass/2configs/hfos.nix b/lass/2configs/hfos.nix
deleted file mode 100644
index 9dafe086c..000000000
--- a/lass/2configs/hfos.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-{
- users.users.riot = {
- uid = genid "riot";
- isNormalUser = true;
- extraGroups = [ "libvirtd" ];
- openssh.authorizedKeys.keys = [
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMkyCwdwBrsbs3qrNQcy/SqQpex4aaQoAMuT+NDefFc8KVHOMfmkDccEyAggDTgQhUrEVIvo/fFUmGBd9sm1vN1IthO2Qh5nX+qiK/A2R7sxci0Ry6piU03R27JfpZqi6g8TSPNi1C9rC8eBqOfO3OB8oQOkFmM48Q9cmS8AV3ERLR0LaHoEqUbs86JELbtHrMdKk4Hzo8zTM/isP3GO8iDHRt4dBS/03Ve7+WVxgNwWU2HW3a3jJd3tWHrqGmS/ZfCEC/47eIj4WSW+JiH9Q0BarNEbkkMV1Mvm32MX52stGPd5FaIIUtFqD4745iVSiw8esUGFUxJ1RjWgUHr99h riot@vortex"
- ];
- };
-
- networking.interfaces.et0.ip4 = [
- {
- address = "213.239.205.246";
- prefixLength = 24;
- }
- ];
-
- krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 22"; target = "DNAT --to-destination 192.168.122.208:22"; }
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 25"; target = "DNAT --to-destination 192.168.122.208:25"; }
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 80"; target = "DNAT --to-destination 192.168.122.208:1080"; }
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
- ];
-
- krebs.iptables.tables.filter.FORWARD.rules = mkBefore [
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 1080 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 192.168.122.208 -p tcp --dport 1443 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
- ];
-
- krebs.iptables.tables.nat.OUTPUT.rules = mkBefore [
- { v6 = false; predicate = "-d 213.239.205.246 -p tcp --dport 443"; target = "DNAT --to-destination 192.168.122.208:1443"; }
- ];
-
- # TODO use bridge interfaces instead of this crap
- systemd.services.libvirtd.serviceConfig.ExecStartPost = let
- restart-iptables = pkgs.writeDash "restart-iptables" ''
- #soo hacky
- ${pkgs.coreutils}/bin/sleep 5s
- ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service
- '';
- in restart-iptables;
-}