Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2017-01-05 15:42:32 +0100
committer: makefu <github@syntax-fehler.de> 2017-01-05 15:42:32 +0100
commit: 137cef757991c99aca9991e30c6ff680c3692910 (patch)
tree: 7398ac2c10443cab7166c68a504aad2d275dc66b /lass/2configs/makefu-sip.nix
parent: c1952c2d2bf84a7266da5092c0f9eef1561d49ce (diff)
parent: 2e9d5f604c32c9c938a90c3211d5b7726d17f9ee (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/lass/2configs/makefu-sip.nix b/lass/2configs/makefu-sip.nix
new file mode 100644
index 000000000..9d2e9b696
--- /dev/null
+++ b/lass/2configs/makefu-sip.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  users.users.makefu = {
+    uid = genid "makefu";
+    isNormalUser = true;
+    extraGroups = [ "libvirtd" ];
+    openssh.authorizedKeys.keys = [
+      config.krebs.users.makefu.pubkey
+    ];
+  };
+
+  krebs.iptables.tables.nat.PREROUTING.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 213.239.205.246 -p tcp --dport 10022"; target = "DNAT --to-destination 192.168.122.136:22"; }
+  ];
+
+  krebs.iptables.tables.filter.FORWARD.rules = [
+    { v6 = false; precedence = 1000; predicate = "-d 192.168.122.136 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+  ];
+}
author	makefu <github@syntax-fehler.de>	2017-01-05 15:42:32 +0100
committer	makefu <github@syntax-fehler.de>	2017-01-05 15:42:32 +0100
commit	137cef757991c99aca9991e30c6ff680c3692910 (patch)
tree	7398ac2c10443cab7166c68a504aad2d275dc66b /lass/2configs/makefu-sip.nix
parent	c1952c2d2bf84a7266da5092c0f9eef1561d49ce (diff)
parent	2e9d5f604c32c9c938a90c3211d5b7726d17f9ee (diff)