summaryrefslogtreecommitdiffstats
path: root/lass/2configs/makefu-sip.nix
blob: 9d2e9b69628dfe08b0fd90824182ecef455d521a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
{ config, lib, pkgs, ... }:

with import <stockholm/lib>;
{
  users.users.makefu = {
    uid = genid "makefu";
    isNormalUser = true;
    extraGroups = [ "libvirtd" ];
    openssh.authorizedKeys.keys = [
      config.krebs.users.makefu.pubkey
    ];
  };

  krebs.iptables.tables.nat.PREROUTING.rules = [
    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 10022"; target = "DNAT --to-destination 192.168.122.136:22"; }
  ];

  krebs.iptables.tables.filter.FORWARD.rules = [
    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.136 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
  ];
}