# Module function: takes the evaluated configuration and returns the host
# definitions found in the attribute set that follows `in`.
{ config, ... }:

let
  # Address table of the "serv" network; entries are interpolated into
  # "<address>:<port>" strings or used directly as forward destinations.
  # (presumably IPv4, going by the attribute name hosts4 - confirm)
  servHosts = config.site.net.serv.hosts4;

  # Address of the dn42 host in the "c3d2" network, used as the destination
  # of the UDP forwards that carry no explicit destination port.
  dn42 = config.site.net.c3d2.hosts4.dn42;
in
{
site.hosts = {
upstream1 = {
  role = "container";
  ospf.upstreamInstance = 3;

  # Port forwards published by this host. Every rule sets reflect = true;
  # only protocol, public port (sourcePort) and destination vary, so the
  # rules are built with a small helper to keep the exposed ports easy to audit.
  # NOTE(review): this list is the inbound attack surface of upstream1
  # (assuming forwardPorts is applied on the uplink side - confirm against
  # the module that consumes it); every entry should have a known owner.
  forwardPorts =
    let
      forward = proto: sourcePort: destination: {
        inherit destination proto sourcePort;
        reflect = true;
      };
      tcp = forward "tcp";
      udp = forward "udp";
    in
    [
      (tcp 80 "${servHosts.public-access-proxy}:80") # http
      (tcp 443 "${servHosts.public-access-proxy}:443") # https
      (tcp 1965 "${servHosts.c3d2-web}:1965") # gemini
    ]
    # UDP ports handed to the dn42 host; the destination carries no port.
    ++ map (port: udp port dn42) [ 2325 2399 2327 2338 2339 40533 61699 ]
    ++ [
      # NOTE(review): the next four targets are literal addresses with no
      # name or comment, which makes ownership hard to verify. Two of them
      # end on port 22 (conventionally SSH); confirm those hosts accept key
      # authentication only.
      (tcp 2222 "172.20.74.210:22")
      (tcp 8443 "172.20.74.210:443")
      (tcp 2223 "172.20.73.47:22")
      (udp 30000 "172.20.73.48:30000")
      (tcp 1337 config.site.net.core.hosts4.yggdrasil)
    ];

  interfaces = {
    core = {
      type = "veth";
      hwaddr = "0A:14:48:01:26:00";
    };
    up1 = {
      type = "veth";
      hwaddr = "00:23:74:D7:2D:7C";
      upstream = {
        provider = "vodafone";
        link = null;
        staticIpv4Address = "24.134.104.53";
        upBandwidth = 52500;
        # NOTE(review): presumably this prefix is routed without NAT, in
        # which case filtering is the only barrier for hosts inside it -
        # confirm a default-deny inbound policy exists for it.
        noNat.subnets6 = [ "2a02:8106:208:5200::/56" ];
      };
    };
  };
};
upstream2 = {
  role = "container";
  ospf.upstreamInstance = 4;

  # Port forwards published by this host; every rule sets reflect = true.
  # NOTE(review): all three targets are literal addresses without a name or
  # comment. 1194/udp is the conventional OpenVPN port and 22/tcp the
  # conventional SSH port; confirm the owners and that the SSH target
  # accepts key authentication only.
  forwardPorts =
    let
      forward = proto: sourcePort: destination: {
        inherit destination proto sourcePort;
        reflect = true;
      };
      tcp = forward "tcp";
      udp = forward "udp";
    in
    [
      (udp 1194 "172.20.75.9:1194")
      (tcp 2222 "172.20.74.210:22")
      (tcp 8443 "172.20.74.210:443")
    ];

  interfaces = {
    core = {
      type = "veth";
      hwaddr = "0A:14:48:01:27:00";
    };
    up2 = {
      type = "veth";
      hwaddr = "00:23:74:D7:42:7C";
      upstream = {
        provider = "vodafone";
        link = null;
        # No static IPv4 address is configured for this uplink.
        staticIpv4Address = null;
        upBandwidth = 52500;
        # NOTE(review): presumably routed without NAT - confirm that inbound
        # traffic to this prefix is filtered.
        noNat.subnets6 = [ "2a02:8106:208:e900::/56" ];
      };
    };
  };
};
# Uplink container without any port forwards: no forwardPorts are defined
# for it in this block.
upstream3 = {
  role = "container";
  ospf.upstreamInstance = 7;

  interfaces = {
    core = {
      type = "veth";
      hwaddr = "0A:14:48:01:28:00";
    };
    up3 = {
      type = "veth";
      hwaddr = "00:23:74:D7:42:7D";
      upstream = {
        provider = "starlink";
        link = null;
        # Neither a static IPv4 address nor an upstream bandwidth is set.
        staticIpv4Address = null;
        upBandwidth = null;
        # No IPv6 prefixes are listed under noNat for this uplink.
        noNat.subnets6 = [ ];
      };
    };
  };
};
upstream4 = {
  role = "container";
  ospf.upstreamInstance = 8;

  # Port forwards published by this host. Every rule sets reflect = true;
  # only protocol, public port (sourcePort) and destination vary, so the
  # rules are built with a small helper and grouped by destination. The
  # order of the resulting list is the same as in the hand-written form.
  # NOTE(review): this is the largest set of forwards in the file and
  # (assuming forwardPorts is applied on the uplink side - confirm) the
  # inbound attack surface behind the static address configured below.
  forwardPorts =
    let
      forward = proto: sourcePort: destination: {
        inherit destination proto sourcePort;
        reflect = true;
      };
      tcp = forward "tcp";
      udp = forward "udp";
    in
    [
      (tcp 80 "172.20.73.45")
      (tcp 443 "172.20.73.45")
      # NOTE(review): port 53 is published on both transports; confirm the
      # service on this address does not answer recursive queries from
      # arbitrary sources.
      (tcp 53 "172.20.73.61")
      (udp 53 "172.20.73.61")
    ]
    # UDP ports handed to the dn42 host; the destination carries no port.
    ++ map (port: udp port dn42) [ 2325 2327 2337 2338 2339 2340 2399 24699 64699 ]
    ++ [
      (tcp 2223 "${servHosts.leonos}:22")
      (udp 30000 servHosts.minetest)
      # ?
      # NOTE(review): the only annotation on this forward is "?", so its
      # purpose was apparently unknown to the author; it ends on port 22 of
      # a literal address. Identify an owner or drop the rule.
      (tcp 2224 "172.22.99.175:22")
      (tcp 22 servHosts.gitea)
    ]
    ++ map (port: tcp port servHosts.jabber) [ 5222 5223 5269 3478 3479 ]
    ++ map (port: udp port servHosts.jabber) [ 3478 3479 ]
    ++ [
      # leon's vps1
      (tcp 2225 "${servHosts.vps1}:22")
    ]
    # NOTE(review): 110 and 143 are the conventional cleartext POP3/IMAP
    # ports; confirm the mail server refuses authentication without STARTTLS.
    ++ map (port: tcp port servHosts.mailtngbert) [ 25 465 587 110 143 993 995 ]
    ++ [
      # poelzi
      (tcp 2323 "172.20.73.162:22")
      # zw-ev RDP
      # NOTE(review): this publishes port 3389 on public port 45000. A
      # non-default port does not restrict who can connect; consider
      # reaching this host through the VPN forward at the end of this list
      # instead, or restricting the allowed sources.
      (tcp 45000 "172.20.75.222:3389")
      (tcp 1337 config.site.net.core.hosts4.yggdrasil)
      # Public port is taken from the site-wide WireGuard setting.
      (udp config.site.vpn.wireguard.port config.site.net.core.hosts4.vpn-gw)
    ];

  interfaces = {
    core = {
      type = "veth";
      hwaddr = "0A:14:48:01:28:01";
    };
    up4 = {
      type = "veth";
      hwaddr = "00:23:74:D7:42:7E";
    };
    # PPPoE session on top of up4 (link = "up4"); the upstream settings are
    # attached to this interface, not to up4 itself.
    up4-pppoe = {
      type = "pppoe";
      upstream = {
        provider = "dsi";
        link = "up4";
        staticIpv4Address = "81.201.149.152";
        upBandwidth = 98000;
        # NOTE(review): presumably routed without NAT - confirm that inbound
        # traffic to these prefixes is filtered.
        noNat.subnets6 = [
          "2a00:8180:2000:37::1/128"
          "2a00:8180:2c00:200::/56"
        ];
      };
    };
  };
};
# Only the OSPF upstream instance is set for freifunk here.
freifunk = {
  ospf.upstreamInstance = 6;
};
# Container whose uplink is a WireGuard interface; no forwardPorts are
# defined for it in this block.
anon1 = {
  role = "container";

  ospf.upstreamInstance = 5;
  # Names of the upstreams this host may use. upstream2 is defined in this
  # file but is not listed here.
  ospf.allowedUpstreams = [
    "upstream1"
    "upstream3"
    "upstream4"
    "freifunk"
  ];

  interfaces = {
    core = {
      type = "veth";
      hwaddr = "0A:14:48:01:14:00";
    };
    # Only provider and bandwidth are given for this uplink; key material
    # and peer settings are not part of this block.
    njalla = {
      type = "wireguard";
      upstream = {
        provider = "njal.la";
        upBandwidth = 45000;
      };
    };
  };
};
};
}