config routing
parent
936ea1c3db
commit
209c0ea97e
4 changed files with 35 additions and 62 deletions
1
hive.nix
1
hive.nix
|
@ -23,6 +23,7 @@ in {
|
|||
};
|
||||
|
||||
kat-r86s = { name, nodes, ... }: {
|
||||
deployment.targetHost = "r86s.kat";
|
||||
imports = [
|
||||
./machines/kat-r86s/configuration.nix
|
||||
users.root
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
# ./router.nix
|
||||
./router.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
@ -54,6 +54,22 @@
|
|||
# extraGroups = [ "wheel" ];
|
||||
packages = with pkgs; [
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
|
||||
|
||||
# maurice
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
|
||||
|
||||
#raito
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
|
||||
|
||||
# tomate
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
|
||||
];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -86,8 +102,8 @@
|
|||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
networking.firewall.allowedTCPPorts = [ 22 53 80 443 22000 ];
|
||||
networking.firewall.allowedUDPPorts = [ 67 ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
|
||||
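Review bot: `networking.firewall.allowedTCPPorts = [ 22 53 80 443 22000 ];` and `networking.firewall.allowedUDPPorts = [ 67 ];` in the last hunk are global, so SSH, DNS, HTTP(S), 22000 and DHCP are opened on every interface, including the upstream side of a machine that this commit also turns into a router by enabling `./router.nix`. DNS and DHCP are only needed on the LAN interface that dnsmasq serves (`enp2s0` in router.nix), so scope them there with `networking.firewall.interfaces.enp2s0.allowedUDPPorts = [ 53 67 ];` and `networking.firewall.interfaces.enp2s0.allowedTCPPorts = [ 53 ];`, and keep the global list to what must be reachable from outside. UDP 53 is not opened anywhere visible here, so ordinary DNS queries from LAN clients to dnsmasq would presumably be dropped. With port 22 reachable on all interfaces, the `openssh.authorizedKeys.keys` list added in the second hunk is the only gate on SSH; the account it belongs to is declared outside that hunk. The enclosing attribute set starts and ends outside this hunk.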
|
|
|
@ -1,66 +1,23 @@
|
|||
{config, lib, pkgs, ...}: {
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
"net.ipv6.conf.all.forwarding" = true;
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "enp2s0" ];
|
||||
externalInterface = "enp1s0";
|
||||
};
|
||||
networking = {
|
||||
interfaces = {
|
||||
# wan wifi
|
||||
wlo1.useDHCP = true;
|
||||
|
||||
# cri
|
||||
enp1s0.useDHCP = true;
|
||||
|
||||
# HPE
|
||||
enp2s0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "129.199.156.112";
|
||||
prefixLength = 32;
|
||||
}];
|
||||
mtu = 9000;
|
||||
};
|
||||
|
||||
# thurne
|
||||
enp3s0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
address = "192.168.42.1";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
mtu = 9000;
|
||||
};
|
||||
};
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
extraCommands = ''
|
||||
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
firewall = {
|
||||
enable = true;
|
||||
extraCommands = ''
|
||||
iptables -A FORWARD -i enp3s0 -o wlo1 -j ACCEPT
|
||||
iptables -A FORWARD -i wlo1 -o enp3s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
iptables -A FORWARD -i enp3s0 -o enp1s0 -j ACCEPT
|
||||
iptables -A FORWARD -i enp1s0 -o enp3s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
|
||||
iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
|
||||
iptables -A FORWARD -i enp1s0 -o enp2s0 -j ACCEPT
|
||||
'';
|
||||
};
|
||||
networking.interfaces.enp2s0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{ address = "192.168.42.1"; prefixLength = 24; }];
|
||||
};
|
||||
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
interface = [ "enp2s0" "enp3s0" ];
|
||||
interface = [ "enp2s0" ];
|
||||
bind-dynamic = true;
|
||||
dhcp-option = "3,0.0.0.0";
|
||||
dhcp-range = "192.168.42.2,192.168.42.254,255.255.255.0,12h";
|
||||
# dhcp-host = "a8:b1:3b:75:6f:92,129.199.224.96";
|
||||
dhcp-range = "192.168.42.100,192.168.42.254,255.255.255.0,12h";
|
||||
};
|
||||
};
|
||||
}
|
||||
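Review bot: Nothing in router.nix limits what is forwarded from `enp1s0` into 192.168.42.0/24 once `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` and the `networking.nat` block are in effect (taking those lines as the new side; the +/- markers are lost on this page). As far as I know the NixOS iptables firewall filters INPUT only, so traffic arriving on the external interface and addressed to the LAN would be forwarded unfiltered. State the forwarding policy explicitly, for example `networking.nftables.enable = true;` together with `networking.firewall.filterForward = true;`, after checking that this is compatible with `virtualisation.libvirtd.enable = true;` in the machine configuration. A one-line comment per interface, such as `# enp1s0: upstream` and `# enp2s0: LAN, DHCP/DNS via dnsmasq`, would also replace the role comments that the longer version of the file carried.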
|
|
|
@ -15,8 +15,7 @@
|
|||
};
|
||||
"r86s.kat" = {
|
||||
user = "root";
|
||||
hostname = "129.199.156.112";
|
||||
proxyJump = "sas.ens";
|
||||
hostname = "100.102.49.84";
|
||||
};
|
||||
"test.kat" = {
|
||||
user = "root";
|
||||
|
@ -45,12 +44,12 @@
|
|||
|
||||
"jourdan01.dgn" = {
|
||||
user = "root";
|
||||
hostname = "192.168.42.17";
|
||||
hostname = "192.168.42.6";
|
||||
proxyJump = "r86s.kat";
|
||||
};
|
||||
"jourdan01.netconf.dgn" = {
|
||||
user = "dgnum";
|
||||
hostname = "192.168.42.17";
|
||||
hostname = "192.168.42.6";
|
||||
proxyJump = "r86s.kat";
|
||||
port = 830;
|
||||
extraOptions.sessionType = "subsystem";
|
||||
|
|