From b29b8bc68ad974abef4a9be92bc16eed07a106c5 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 14 Jun 2016 01:33:20 +0200
Subject: [PATCH] ma 1 dartH: fix nat from  tinc

---
 1systems/darth.nix | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/1systems/darth.nix b/1systems/darth.nix
index 2f2358d..08ac7e6 100644
--- a/1systems/darth.nix
+++ b/1systems/darth.nix
@@ -17,19 +17,37 @@ in {
       ../2configs/exim-retiolum.nix
       ../2configs/virtualization.nix
   ];
-
-  networking.firewall.allowedUDPPorts = [ 80 655 67 ];
-  networking.firewall.allowedTCPPorts = [ 80 655 ];
-  networking.firewall.checkReversePath = false;
+  services.tinc.networks.siem = {
+    name = "sdarth";
+    extraConfig = "ConnectTo = sjump";
+  };
   #networking.firewall.enable = false;
-  # virtualisation.nova.enableSingleNode = true;
   krebs.retiolum.enable = true;
 
   boot.kernelModules = [ "coretemp" "f71882fg" ];
 
   hardware.enableAllFirmware = true;
   nixpkgs.config.allowUnfree = true;
-  networking.wireless.enable = true;
+  networking = {
+    wireless.enable = true;
+    firewall = {
+      allowPing = true;
+      logRefusedConnections = false;
+      allowedUDPPorts = [ 80 655 67 ];
+      allowedTCPPorts = [ 80 655 ];
+    };
+    nat = {
+      enable = true;
+      internalIPs = [ "10.8.10.0/24" ];
+      #internalInterfaces = [ "tinc.siem" ];
+      externalIP = "10.8.8.2";
+      externalInterface = "virbr3";
+    };
+    interfaces.virbr3.ip4 =  [{
+      address = "10.8.8.2";
+      prefixLength = 24;
+    }];
+  };
 
   # TODO smartd omo darth gum all-in-one
   services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
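Review bot: The new `nat` block is scoped only by source range (`internalIPs = [ "10.8.10.0/24" ];`) while `internalInterfaces` is left commented out. As the NixOS option is documented, packets with a source in that range arriving on any interface are rewritten to `10.8.8.2` and sent out `virbr3`, not only those arriving over the tinc link. If only the `siem` tinc network should be translated, scope it by interface with `internalInterfaces = [ "tinc.siem" ];`, or add a comment saying why that line had to be disabled. The same block sets `logRefusedConnections = false;`, which removes the refused-connection log on a host that now forwards traffic, so a short comment giving the reason (for example log volume) would help whoever later audits this gateway. The enclosing attribute set starts and ends outside the hunk, so any forwarding restrictions defined elsewhere in the file are not visible here.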