From bc0cd03da463c9cf67ba47b034bbbe32d9391beb Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:57:52 +0200 Subject: move Reaktor|krebs from prism to hotdog --- lass/1systems/prism/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 7a9537b64..285dbfa9d 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -175,7 +175,6 @@ with import ; alias /var/realwallpaper/realwallpaper.png; ''; } - { users.users.jeschli = { -- cgit v1.2.3 From e34ca32676d1fe6a4aab3cca1518b111a36ef8cd Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 04:59:14 +0200 Subject: l prism.r: remove unnecessary iptables forward --- lass/1systems/prism/config.nix | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 285dbfa9d..d6d1ce2e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,21 +293,6 @@ with import ; }; }; } - { #weechat port forwarding to blue - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} - ]; - krebs.iptables.tables.nat.PREROUTING.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } - { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } - ]; - } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.2.3 From d7d39081d0c3866696e38fb42ae7e2ae28f28c69 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 8 Jun 2018 05:04:21 +0200 Subject: l prism.r: open ports for mosh --- lass/1systems/prism/config.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d6d1ce2e4..61d147c5f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -321,6 +321,11 @@ with import ; ]; }; } + { + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT";} + ]; + } ]; krebs.build.host = config.krebs.hosts.prism; -- cgit v1.2.3 From 9b389fd6644a71c0fb8fdc7764727d771d54e221 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 11 Jun 2018 15:45:12 +0200 Subject: Revert "l prism.r: remove unnecessary iptables forward" This reverts commit e34ca32676d1fe6a4aab3cca1518b111a36ef8cd. --- lass/1systems/prism/config.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lass/1systems/prism') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 61d147c5f..9a0bb49e9 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -293,6 +293,21 @@ with import ; }; }; } + { #weechat port forwarding to blue + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 9998"; target = "ACCEPT";} + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.prism.nets.internet.ip4.addr} -p tcp --dport 9998"; target = "DNAT --to-destination ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}:9999"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; precedence = 1000; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "ACCEPT"; } + { v6 = false; precedence = 1000; predicate = "-s ${config.krebs.hosts.blue.nets.retiolum.ip4.addr}"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-d ${config.krebs.hosts.blue.nets.retiolum.ip4.addr} -p tcp --dport 9999"; target = "MASQUERADE"; } + ]; + } { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p udp --dport 51820"; target = "ACCEPT"; } -- cgit v1.2.3