# Uplink containers for the site (upstream3, upstream4, anon1) plus the OSPF
# upstream instance for freifunk. upstream4 also carries the list of port
# forwards that publish internal services.
{ config, ... }:

let
  servHosts = config.site.net.serv.hosts4;
  inherit (config.site.net.c3d2.hosts4) dn42;

  # veth interface with a pinned MAC address.
  veth = hwaddr: {
    inherit hwaddr;
    type = "veth";
  };

  # Builds one forwardPorts entry with reflect = true, the value used by
  # almost every rule below.
  forward = proto: sourcePort: destination: {
    inherit destination proto sourcePort;
    reflect = true;
  };
  tcp = forward "tcp";
  udp = forward "udp";

  # Same entry, but with reflect = false.
  unreflected = rule: rule // { reflect = false; };

  dataHoarderSsh = "${servHosts.data-hoarder}:22";
in
{
  site.hosts = {
    upstream3 = {
      role = "container";
      ospf.upstreamInstance = 7;
      interfaces = {
        core = veth "0A:14:48:01:28:00";
        up3 = veth "00:23:74:D7:42:7D" // {
          upstream = {
            provider = "starlink";
            link = null;
            staticIpv4Address = null;
            upBandwidth = null;
            noNat.subnets6 = [ ];
          };
        };
      };
    };

    upstream4 = {
      role = "container";
      ospf.upstreamInstance = 8;

      # Every entry here is a service published through this host, so the list
      # doubles as the inventory of exposed ports.
      # NOTE(review): presumably these are DNAT rules on the up4-pppoe uplink
      # (the interface with the static IPv4 below), and `reflect` presumably
      # controls NAT reflection for internal clients; confirm both against the
      # module that consumes forwardPorts.
      # NOTE(review): several rules publish SSH (the ":22" targets and gitea on
      # port 22); confirm those hosts accept key authentication only.
      forwardPorts =
        [
          (tcp 80 "172.20.73.45") # http
          (tcp 443 "172.20.73.45") # https
          (tcp 1965 "${servHosts.c3d2-web}:1965") # gemini
          # DNS over TCP and UDP.
          # NOTE(review): confirm 172.20.73.61 answers authoritatively only and
          # does not recurse for external clients.
          (tcp 53 "172.20.73.61")
          (udp 53 "172.20.73.61")
        ]
        # UDP ports handed to the dn42 host.
        ++ map (port: udp port dn42) [ 2325 2327 2337 2338 2339 2340 2399 24699 64699 ]
        ++ [
          (tcp 2223 "${servHosts.leon}:22")
          (udp 30000 servHosts.minetest)
          # ?
          # NOTE(review): the "?" above suggests nobody could attribute the
          # adjacent rule; an SSH forward without a known owner should be
          # attributed or dropped.
          (tcp 2224 "172.22.99.175:22")
          (tcp 22 servHosts.gitea)
        ]
        # jabber: 5222/5223/5269 are the usual XMPP client and server ports,
        # 3478/3479 the usual STUN/TURN ports (TCP and UDP).
        ++ map (port: tcp port servHosts.jabber) [ 5222 5223 5269 3478 3479 ]
        ++ map (port: udp port servHosts.jabber) [ 3478 3479 ]
        # mail: SMTP (25, 465, 587), POP3/IMAP (110, 143) and their TLS
        # variants (993, 995).
        # NOTE(review): 110 and 143 start in cleartext; confirm the server
        # refuses authentication before STARTTLS.
        ++ map (port: tcp port servHosts.mailtngbert) [ 25 465 587 110 143 993 995 ]
        ++ [
          # poelzi
          (tcp 2323 "172.20.73.162:22")
          # zw-ev RDP
          # NOTE(review): RDP is published directly; the non-standard source
          # port does not restrict who can connect. Consider requiring the VPN
          # gateway forwarded below instead.
          (tcp 45000 "172.20.75.222:3389")
          (tcp 1337 config.site.net.core.hosts4.yggdrasil)
          (udp config.site.vpn.wireguard.port config.site.net.core.hosts4.vpn-gw)
          (unreflected (tcp 3822 "${servHosts.direkthilfe}:22"))
          (tcp 2086 servHosts.gnunet)
          # data-hoarder
          (udp 51820 servHosts.data-hoarder)
          (tcp 51820 servHosts.data-hoarder)
          # NOTE(review): SSH runs over TCP only, so the UDP rule to port 22
          # looks superfluous; confirm nothing listens there and drop it.
          (unreflected (udp 2269 dataHoarderSsh))
          (unreflected (tcp 2269 dataHoarderSsh))
          (tcp 1022 "${servHosts.ftp}:22")
        ];

      interfaces = {
        core = veth "0A:14:48:01:28:01";
        up4 = veth "00:23:74:D7:42:7E";
        # PPPoE session on top of up4; this is the uplink with the static IPv4.
        up4-pppoe = {
          type = "pppoe";
          upstream = {
            provider = "dsi";
            link = "up4";
            staticIpv4Address = "81.201.149.152";
            upBandwidth = 98000;
            noNat.subnets6 = [
              "2a00:8180:2000:37::1/128"
              "2a00:8180:2c00:200::/56"
            ];
          };
        };
      };
    };

    freifunk.ospf.upstreamInstance = 6;

    # Container whose uplink is a WireGuard tunnel to the njal.la provider.
    anon1 = {
      role = "container";
      ospf = {
        upstreamInstance = 5;
        allowedUpstreams = [ "upstream4" "upstream3" "freifunk" ];
      };
      interfaces = {
        core = veth "0A:14:48:01:14:00";
        njalla = {
          type = "wireguard";
          upstream = {
            provider = "njal.la";
            upBandwidth = 45000;
          };
        };
      };
    };
  };
}