jorah: fix dual networking setup

Jake Hillion 2024-04-13 15:23:04 +01:00
parent 8cee990f54
commit b4a33bb6b2
3 changed files with 19 additions and 19 deletions


@ -34,15 +34,22 @@
}; };
## Networking ## Networking
systemd.network = { networking = {
enable = true; useDHCP = false;
networks."enp5s0".extraConfig = '' interfaces = {
[Match] enp5s0 = {
Name = enp5s0 name = "eth0";
[Network] useDHCP = true;
Address = 2a01:4f9:4b:3953::2/64 ipv6.addresses = [{
Gateway = fe80::1 address = "2a01:4f9:4b:3953::2";
''; prefixLength = 64;
}];
};
};
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
}; };
networking.firewall = { networking.firewall = {
@ -53,7 +60,7 @@
]; ];
allowedUDPPorts = lib.mkForce [ ]; allowedUDPPorts = lib.mkForce [ ];
interfaces = { interfaces = {
enp5s0 = { eth0 = {
allowedTCPPorts = lib.mkForce [ allowedTCPPorts = lib.mkForce [
80 # HTTP 1-2 80 # HTTP 1-2
443 # HTTPS 1-2 443 # HTTPS 1-2
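Review bot: The interface name is now a bare string repeated in `networking.interfaces.enp5s0.name`, in `defaultGateway6.interface`, in the `networking.firewall.interfaces.eth0` key of the second hunk, and again in the `-i eth0` NAT rules of the third file, while the attribute itself is still called `enp5s0`. Nothing visible in this section pins the NIC to that name. If predictable interface naming is still active on this host (not shown here), the per-interface port allowances and the port-22 redirect would silently stop matching, and traffic on the public interface would be handled by whatever the global rules permit. I would bind the name once, e.g. `let publicIf = "eth0"; in` with `networking.interfaces.${publicIf}` and `networking.firewall.interfaces.${publicIf}`, and add a comment next to it such as `# eth0: relies on networking.usePredictableInterfaceNames = false (set in <file>)`. The enclosing attribute sets start and end outside both hunks, so a pin set elsewhere in the file would not be visible here.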


@ -43,13 +43,6 @@
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -103,8 +103,8 @@ in
}; };
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
# proxy all traffic on public interface to the gitea SSH server # proxy all traffic on public interface to the gitea SSH server
iptables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort} iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
ip6tables -A PREROUTING -t nat -i enp5s0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort} ip6tables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}
# proxy locally originating outgoing packets # proxy locally originating outgoing packets
iptables -A OUTPUT -d 95.217.229.104 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort} iptables -A OUTPUT -d 95.217.229.104 -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.sshPort}