network/config/net/upstream.nix

{ config, ... }:
let
  servHosts = config.site.net.serv.hosts4;
  inherit (config.site.net.c3d2.hosts4) dn42;
in
{
  site.hosts = {
    upstream3 = {
      interfaces = {
        core = {
          hwaddr = "0A:14:48:01:28:00";
          type = "veth";
        };
        up3 = {
          hwaddr = "00:23:74:D7:42:7D";
          type = "veth";
          upstream = {
            link = null;
            noNat = { subnets6 = [ ]; };
            provider = "starlink";
            staticIpv4Address = null;
            upBandwidth = null;
          };
        };
      };
      ospf.upstreamInstance = 7;
      role = "container";
    };

    upstream4 = {
      forwardPorts = [
        { # http
          destination = "172.20.73.45";
          proto = "tcp";
          reflect = true;
          sourcePort = 80;
        }
        { # https
          destination = "172.20.73.45";
          proto = "tcp";
          reflect = true;
          sourcePort = 443;
        }
        { # gemini
          destination = "${servHosts.c3d2-web}:1965";
          proto = "tcp";
          reflect = true;
          sourcePort = 1965;
        }
        {
          destination = "172.20.73.61";
          proto = "tcp";
          reflect = true;
          sourcePort = 53;
        }
        {
          destination = "172.20.73.61";
          proto = "udp";
          reflect = true;
          sourcePort = 53;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2325;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2327;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2337;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2338;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2339;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2340;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 2399;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 24699;
        }
        {
          destination = dn42;
          proto = "udp";
          reflect = true;
          sourcePort = 64699;
        }
        {
          destination = "${servHosts.leon}:22";
          proto = "tcp";
          reflect = true;
          sourcePort = 2223;
        }
        {
          destination = servHosts.minetest;
          proto = "udp";
          reflect = true;
          sourcePort = 30000;
        }
        # ?
        {
          destination = "172.22.99.175:22";
          proto = "tcp";
          reflect = true;
          sourcePort = 2224;
        }
        {
          destination = servHosts.gitea;
          proto = "tcp";
          reflect = true;
          sourcePort = 22;
        }
        {
          destination = servHosts.jabber;
          proto = "tcp";
          reflect = true;
          sourcePort = 5222;
        }
        {
          destination = servHosts.jabber;
          proto = "tcp";
          reflect = true;
          sourcePort = 5223;
        }
        {
          destination = servHosts.jabber;
          proto = "tcp";
          reflect = true;
          sourcePort = 5269;
        }
        {
          destination = servHosts.jabber;
          proto = "tcp";
          reflect = true;
          sourcePort = 3478;
        }
        {
          destination = servHosts.jabber;
          proto = "tcp";
          reflect = true;
          sourcePort = 3479;
        }
        {
          destination = servHosts.jabber;
          proto = "udp";
          reflect = true;
          sourcePort = 3478;
        }
        {
          destination = servHosts.jabber;
          proto = "udp";
          reflect = true;
          sourcePort = 3479;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 25;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 465;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 587;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 110;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 143;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 993;
        }
        {
          destination = servHosts.mailtngbert;
          proto = "tcp";
          reflect = true;
          sourcePort = 995;
        }
        # poelzi
        {
          destination = "172.20.73.162:22";
          proto = "tcp";
          reflect = true;
          sourcePort = 2323;
        }
        # zw-ev RDP
        {
          destination = "172.20.75.222:3389";
          proto = "tcp";
          reflect = true;
          sourcePort = 45000;
        }
        {
          destination = config.site.net.core.hosts4.yggdrasil;
          proto = "tcp";
          reflect = true;
          sourcePort = 1337;
        }
        {
          destination = config.site.net.core.hosts4.vpn-gw;
          proto = "udp";
          reflect = true;
          sourcePort = config.site.vpn.wireguard.port;
        }
        {
          destination = "${config.site.net.serv.hosts4.direkthilfe}:22";
          proto = "tcp";
          reflect = false;
          sourcePort = 3822;
        }
        {
          destination = servHosts.gnunet;
          proto = "tcp";
          reflect = true;
          sourcePort = 2086;
        }
      ];
      interfaces = {
        core = {
          hwaddr = "0A:14:48:01:28:01";
          type = "veth";
        };
        up4 = {
          hwaddr = "00:23:74:D7:42:7E";
          type = "veth";
        };
        up4-pppoe = {
          type = "pppoe";
          upstream = {
            link = "up4";
            noNat = {
              subnets6 =
                [ "2a00:8180:2000:37::1/128" "2a00:8180:2c00:200::/56" ];
            };
            provider = "dsi";
            staticIpv4Address = "81.201.149.152";
            upBandwidth = 98000;
          };
        };
      };
      ospf.upstreamInstance = 8;
      role = "container";
    };

    freifunk.ospf.upstreamInstance = 6;

    anon1 = {
      interfaces = {
        core = {
          hwaddr = "0A:14:48:01:14:00";
          type = "veth";
        };
        njalla = {
          type = "wireguard";
          upstream = {
            provider = "njal.la";
            upBandwidth = 45000;
          };
        };
      };
      ospf = {
        allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
        upstreamInstance = 5;
      };
      role = "container";
    };
  };
}
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`{ config, ... }:`
			`let`
			`servHosts = config.site.net.serv.hosts4;`
			`inherit (config.site.net.c3d2.hosts4) dn42;`
			`in`
config: split into many files 2021-11-13 01:44:14 +01:00			`{`
			`site.hosts = {`
			`upstream3 = {`
			`interfaces = {`
			`core = {`
			`hwaddr = "0A:14:48:01:28:00";`
			`type = "veth";`
			`};`
			`up3 = {`
			`hwaddr = "00:23:74:D7:42:7D";`
			`type = "veth";`
			`upstream = {`
			`link = null;`
			`noNat = { subnets6 = [ ]; };`
			`provider = "starlink";`
			`staticIpv4Address = null;`
			`upBandwidth = null;`
			`};`
			`};`
			`};`
			`ospf.upstreamInstance = 7;`
			`role = "container";`
			`};`

			`upstream4 = {`
			`forwardPorts = [`
upstream1: move gemini port forwarding to upstream4 proper 2022-03-05 01:07:04 +01:00			`{ # http`
config: split into many files 2021-11-13 01:44:14 +01:00			`destination = "172.20.73.45";`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 80;`
			`}`
upstream1: move gemini port forwarding to upstream4 proper 2022-03-05 01:07:04 +01:00			`{ # https`
config: split into many files 2021-11-13 01:44:14 +01:00			`destination = "172.20.73.45";`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 443;`
			`}`
upstream1: move gemini port forwarding to upstream4 proper 2022-03-05 01:07:04 +01:00			`{ # gemini`
			`destination = "${servHosts.c3d2-web}:1965";`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 1965;`
			`}`
config: split into many files 2021-11-13 01:44:14 +01:00			`{`
			`destination = "172.20.73.61";`
			`proto = "tcp";`
upstream4: make dns forwardPorts reflective 2022-03-01 21:52:04 +01:00			`reflect = true;`
config: split into many files 2021-11-13 01:44:14 +01:00			`sourcePort = 53;`
			`}`
			`{`
			`destination = "172.20.73.61";`
			`proto = "udp";`
upstream4: make dns forwardPorts reflective 2022-03-01 21:52:04 +01:00			`reflect = true;`
config: split into many files 2021-11-13 01:44:14 +01:00			`sourcePort = 53;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 2325;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
up4: update forwardedPorts for dn42 2022-01-25 21:41:27 +01:00			`sourcePort = 2327;`
config: split into many files 2021-11-13 01:44:14 +01:00			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
up4: update forwardedPorts for dn42 2022-01-25 21:41:27 +01:00			`sourcePort = 2337;`
config: split into many files 2021-11-13 01:44:14 +01:00			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 2338;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 2339;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
up4: update forwardedPorts for dn42 2022-01-25 21:41:27 +01:00			`sourcePort = 2340;`
config: split into many files 2021-11-13 01:44:14 +01:00			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = dn42;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
up4: update forwardedPorts for dn42 2022-01-25 21:41:27 +01:00			`sourcePort = 2399;`
			`}`
			`{`
			`destination = dn42;`
			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 24699;`
			`}`
			`{`
			`destination = dn42;`
			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 64699;`
config: split into many files 2021-11-13 01:44:14 +01:00			`}`
			`{`
serv: update ssh to leon 2022-06-01 19:24:15 +02:00			`destination = "${servHosts.leon}:22";`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 2223;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.minetest;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 30000;`
			`}`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`# ?`
config: split into many files 2021-11-13 01:44:14 +01:00			`{`
			`destination = "172.22.99.175:22";`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 2224;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.gitea;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 22;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 5222;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 5223;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 5269;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 3478;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 3479;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 3478;`
			`}`
			`{`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`destination = servHosts.jabber;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "udp";`
			`reflect = true;`
			`sourcePort = 3479;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 25;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 465;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 587;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 110;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 143;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 993;`
			`}`
			`{`
upstream4: change port forwardings from mail to mailtngbert 2022-02-24 19:58:59 +01:00			`destination = servHosts.mailtngbert;`
config: split into many files 2021-11-13 01:44:14 +01:00			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 995;`
add portforwarding 2021-12-06 11:07:04 +01:00			`}`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`# poelzi`
add portforwarding 2021-12-06 11:07:04 +01:00			`{`
			`destination = "172.20.73.162:22";`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 2323;`
config: split into many files 2021-11-13 01:44:14 +01:00			`}`
config/net/upstream: literalize/doc port forwardings 2022-01-12 00:16:46 +01:00			`# zw-ev RDP`
config/net/upstream: add port forwarding 45000/tcp 2022-01-12 00:09:46 +01:00			`{`
			`destination = "172.20.75.222:3389";`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 45000;`
			`}`
yggdrasil: listen, add port forwarding on upstream4+upstream1 2022-01-14 19:22:11 +01:00			`{`
			`destination = config.site.net.core.hosts4.yggdrasil;`
			`proto = "tcp";`
			`reflect = true;`
yggdrasil: change listening port to 1337 1/tcp didn't work :( 2022-01-14 20:37:42 +01:00			`sourcePort = 1337;`
yggdrasil: listen, add port forwarding on upstream4+upstream1 2022-01-14 19:22:11 +01:00			`}`
vpn-gw: init 2022-03-01 22:51:31 +01:00			`{`
			`destination = config.site.net.core.hosts4.vpn-gw;`
			`proto = "udp";`
			`reflect = true;`
			`sourcePort = config.site.vpn.wireguard.port;`
			`}`
upstream4: add forwardPorts for direkthilfe:ssh 2022-03-31 00:20:55 +02:00			`{`
			`destination = "${config.site.net.serv.hosts4.direkthilfe}:22";`
			`proto = "tcp";`
			`reflect = false;`
			`sourcePort = 3822;`
			`}`
upstream4: add port forwarding for gnunet 2022-07-06 21:06:34 +02:00			`{`
			`destination = servHosts.gnunet;`
			`proto = "tcp";`
			`reflect = true;`
			`sourcePort = 2086;`
			`}`
config: split into many files 2021-11-13 01:44:14 +01:00			`];`
			`interfaces = {`
			`core = {`
			`hwaddr = "0A:14:48:01:28:01";`
			`type = "veth";`
			`};`
			`up4 = {`
			`hwaddr = "00:23:74:D7:42:7E";`
			`type = "veth";`
			`};`
			`up4-pppoe = {`
			`type = "pppoe";`
			`upstream = {`
			`link = "up4";`
			`noNat = {`
			`subnets6 =`
			`[ "2a00:8180:2000:37::1/128" "2a00:8180:2c00:200::/56" ];`
			`};`
			`provider = "dsi";`
			`staticIpv4Address = "81.201.149.152";`
			`upBandwidth = 98000;`
			`};`
			`};`
			`};`
			`ospf.upstreamInstance = 8;`
			`role = "container";`
			`};`

			`freifunk.ospf.upstreamInstance = 6;`

			`anon1 = {`
			`interfaces = {`
			`core = {`
			`hwaddr = "0A:14:48:01:14:00";`
			`type = "veth";`
			`};`
lib/config/options: move host wireguard setting to interface entries 2022-01-11 19:58:50 +01:00			`njalla = {`
			`type = "wireguard";`
			`upstream = {`
			`provider = "njal.la";`
			`upBandwidth = 45000;`
			`};`
			`};`
config: split into many files 2021-11-13 01:44:14 +01:00			`};`
			`ospf = {`
anon1: prefer upstream4 2022-06-21 03:24:08 +02:00			`allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];`
config: split into many files 2021-11-13 01:44:14 +01:00			`upstreamInstance = 5;`
			`};`
			`role = "container";`
			`};`
			`};`
			`}`