config routing
parent
936ea1c3db
commit
209c0ea97e
4 changed files with 35 additions and 62 deletions
1
hive.nix
1
hive.nix
|
@ -23,6 +23,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
kat-r86s = { name, nodes, ... }: {
|
kat-r86s = { name, nodes, ... }: {
|
||||||
|
deployment.targetHost = "r86s.kat";
|
||||||
imports = [
|
imports = [
|
||||||
./machines/kat-r86s/configuration.nix
|
./machines/kat-r86s/configuration.nix
|
||||||
users.root
|
users.root
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
# ./router.nix
|
./router.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
@ -54,6 +54,22 @@
|
||||||
# extraGroups = [ "wheel" ];
|
# extraGroups = [ "wheel" ];
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
];
|
];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
|
||||||
|
|
||||||
|
# maurice
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
|
||||||
|
|
||||||
|
#raito
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
|
||||||
|
|
||||||
|
# tomate
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -86,8 +102,8 @@
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
networking.firewall.allowedTCPPorts = [ 22 53 80 443 22000 ];
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
networking.firewall.allowedUDPPorts = [ 67 ];
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
# networking.firewall.enable = false;
|
# networking.firewall.enable = false;
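Review bot: The two firewall lines in the last hunk of this file open their ports on every interface, because `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` are global; 53, 80, 443 and 22000 therefore become reachable from the uplink as well as from the LAN. DNS and DHCP are only served on the interface router.nix treats as internal, so they are better scoped there, e.g. `networking.firewall.interfaces.enp2s0.allowedUDPPorts = [ 53 67 ];` and `networking.firewall.interfaces.enp2s0.allowedTCPPorts = [ 53 ];`, keeping the global list to what must be reachable from outside. UDP 53 is not opened anywhere in the visible lines, so unless another module opens it, ordinary DNS queries to dnsmasq would be dropped. A short comment naming the service behind 80, 443 and 22000 would make the list auditable.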
|
||||||
|
|
||||||
|
|
|
@ -1,66 +1,23 @@
|
||||||
{config, lib, pkgs, ...}: {
|
{config, lib, pkgs, ...}: {
|
||||||
boot.kernel.sysctl = {
|
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||||
"net.ipv4.conf.all.forwarding" = true;
|
|
||||||
"net.ipv6.conf.all.forwarding" = true;
|
|
||||||
};
|
|
||||||
networking = {
|
|
||||||
interfaces = {
|
|
||||||
# wan wifi
|
|
||||||
wlo1.useDHCP = true;
|
|
||||||
|
|
||||||
# cri
|
networking.nat = {
|
||||||
enp1s0.useDHCP = true;
|
|
||||||
|
|
||||||
# HPE
|
|
||||||
enp2s0 = {
|
|
||||||
useDHCP = false;
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = "129.199.156.112";
|
|
||||||
prefixLength = 32;
|
|
||||||
}];
|
|
||||||
mtu = 9000;
|
|
||||||
};
|
|
||||||
|
|
||||||
# thurne
|
|
||||||
enp3s0 = {
|
|
||||||
useDHCP = false;
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = "192.168.42.1";
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
mtu = 9000;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
nat = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
extraCommands = ''
|
internalInterfaces = [ "enp2s0" ];
|
||||||
iptables -t nat -A POSTROUTING -o wlo1 -j MASQUERADE
|
externalInterface = "enp1s0";
|
||||||
iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
|
};
|
||||||
'';
|
networking.interfaces.enp2s0 = {
|
||||||
|
useDHCP = false;
|
||||||
|
ipv4.addresses = [{ address = "192.168.42.1"; prefixLength = 24; }];
|
||||||
};
|
};
|
||||||
firewall = {
|
|
||||||
enable = true;
|
|
||||||
extraCommands = ''
|
|
||||||
iptables -A FORWARD -i enp3s0 -o wlo1 -j ACCEPT
|
|
||||||
iptables -A FORWARD -i wlo1 -o enp3s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A FORWARD -i enp3s0 -o enp1s0 -j ACCEPT
|
|
||||||
iptables -A FORWARD -i enp1s0 -o enp3s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
|
|
||||||
iptables -A FORWARD -i enp2s0 -o enp1s0 -j ACCEPT
|
|
||||||
iptables -A FORWARD -i enp1s0 -o enp2s0 -j ACCEPT
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.dnsmasq = {
|
services.dnsmasq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
interface = [ "enp2s0" "enp3s0" ];
|
interface = [ "enp2s0" ];
|
||||||
bind-dynamic = true;
|
bind-dynamic = true;
|
||||||
dhcp-option = "3,0.0.0.0";
|
dhcp-option = "3,0.0.0.0";
|
||||||
dhcp-range = "192.168.42.2,192.168.42.254,255.255.255.0,12h";
|
dhcp-range = "192.168.42.100,192.168.42.254,255.255.255.0,12h";
|
||||||
# dhcp-host = "a8:b1:3b:75:6f:92,129.199.224.96";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
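Review bot: With the `firewall.extraCommands` block removed, nothing visible in the new router.nix limits what may be forwarded: `networking.nat` sets up masquerading, and as far as I know the NixOS firewall leaves the FORWARD chain unfiltered on the default iptables backend. Packets arriving on `enp1s0` for 192.168.42.0/24 would then be routed to the LAN without any state check. If that is not intended, consider `networking.firewall.filterForward = true;` (which needs `networking.nftables.enable = true;`), or a stateful rule that accepts enp1s0 to enp2s0 traffic only when it is RELATED,ESTABLISHED. The explicit `net.ipv4.ip_forward` sysctl also looks redundant with `networking.nat.enable`, and IPv6 forwarding is no longer set; a one-line comment saying whether both are deliberate would help the next reader.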
|
||||||
|
|
|
@ -15,8 +15,7 @@
|
||||||
};
|
};
|
||||||
"r86s.kat" = {
|
"r86s.kat" = {
|
||||||
user = "root";
|
user = "root";
|
||||||
hostname = "129.199.156.112";
|
hostname = "100.102.49.84";
|
||||||
proxyJump = "sas.ens";
|
|
||||||
};
|
};
|
||||||
"test.kat" = {
|
"test.kat" = {
|
||||||
user = "root";
|
user = "root";
|
||||||
|
@ -45,12 +44,12 @@
|
||||||
|
|
||||||
"jourdan01.dgn" = {
|
"jourdan01.dgn" = {
|
||||||
user = "root";
|
user = "root";
|
||||||
hostname = "192.168.42.17";
|
hostname = "192.168.42.6";
|
||||||
proxyJump = "r86s.kat";
|
proxyJump = "r86s.kat";
|
||||||
};
|
};
|
||||||
"jourdan01.netconf.dgn" = {
|
"jourdan01.netconf.dgn" = {
|
||||||
user = "dgnum";
|
user = "dgnum";
|
||||||
hostname = "192.168.42.17";
|
hostname = "192.168.42.6";
|
||||||
proxyJump = "r86s.kat";
|
proxyJump = "r86s.kat";
|
||||||
port = 830;
|
port = 830;
|
||||||
extraOptions.sessionType = "subsystem";
|
extraOptions.sessionType = "subsystem";
|
||||||
|
|