jorah: fix dual networking setup
All checks were successful
flake / flake (push) Successful in 3m35s
parent
8cee990f54
commit
b4a33bb6b2
@ -34,15 +34,22 @@
|
||||
};
|
||||
|
||||
## Networking
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks."enp5s0".extraConfig = ''
|
||||
[Match]
|
||||
Name = enp5s0
|
||||
[Network]
|
||||
Address = 2a01:4f9:4b:3953::2/64
|
||||
Gateway = fe80::1
|
||||
'';
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
enp5s0 = {
|
||||
name = "eth0";
|
||||
useDHCP = true;
|
||||
ipv6.addresses = [{
|
||||
address = "2a01:4f9:4b:3953::2";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
};
|
||||
};
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "eth0";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
@ -53,7 +60,7 @@
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [ ];
|
||||
interfaces = {
|
||||
enp5s0 = {
|
||||
eth0 = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
80 # HTTP 1-2
|
||||
443 # HTTPS 1-2
|
||||
|
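Review bot: `name = "eth0";` inside `interfaces.enp5s0` only changes which link name these settings are applied to; as far as I know it does not rename the NIC. Nothing visible in this hunk makes the device come up as `eth0`. If that is not arranged elsewhere, for example with `networking.usePredictableInterfaceNames = false;`, then the static IPv6 address, `defaultGateway6.interface = "eth0"` and the `interfaces.eth0.allowedTCPPorts` entry in the second hunk match no interface. The same applies to the `-i eth0` redirect rules in the gitea module section of this commit. I would key the attribute as `eth0` directly and add a comment such as `# link is named eth0 via <mechanism>; the firewall and the gitea SSH redirect match on this name`.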
@ -43,13 +43,6 @@
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
@ -103,8 +103,8 @@ in
|
||||
};
|
||||
networking.firewall.extraCommands = ''
|
||||
# proxy all traffic on public interface to the gitea SSH server
|
||||
iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
ip6tables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
ip6tables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
|
||||
# proxy locally originating outgoing packets
|
||||
iptables -A OUTPUT -d 95.217.229.104 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
|
||||
|
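Review bot: The two changed `-A PREROUTING` lines append to the nat table, and nothing in this hunk deletes the earlier `-i enp5s0` entries. After a switch without a reboot the old and new redirects presumably coexist, and each firewall reload adds another copy. Consider a matching `networking.firewall.extraStopCommands` with one delete per rule, e.g. `iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort} || true`. The `extraCommands` string continues past the end of the hunk, so an existing stop hook may simply be out of view. The literal `eth0` is also repeated here and in the host firewall block; a single `let` binding or module option would keep the redirect and the per-interface port allowances from drifting apart on the next rename.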