l: add & import makefu-sip config

2016-12-29 18:15:41 +01:00 · 2016-12-29 18:15:41 +01:00 · 88c6a1ddc6
parent ecc89618f8
commit 88c6a1ddc6
2 changed files with 22 additions and 0 deletions
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@ -26,6 +26,7 @@ in {
    ../2configs/iodined.nix
    ../2configs/libvirt.nix
    ../2configs/hfos.nix
+    ../2configs/makefu-sip.nix
    {
      users.extraGroups = {
        # ● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
--- a/lass/2configs/makefu-sip.nix
+++ b/lass/2configs/makefu-sip.nix
@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  users.users.makefu = {
+    uid = genid "makefu";
+    isNormalUser = true;
+    extraGroups = [ "libvirtd" ];
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.makefu.pubkey
+    ];
+  };
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 10022"; target = "DNAT --to-destination 192.168.122.136:22"; }
+  ];
+
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.136 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+  ];
+}