authorGregor Kleen <gkleen@yggdrasil.li>2023-03-05 11:20:27 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-03-05 11:20:27 +0100
commitef39030d83fb488b16035c82f1f876ed103f541a (patch)
tree995bae492901f8370db02b99d95123630d515e18 /hosts
parent29480b6e86ca6057d4151accdb5d4103f1657596 (diff)
...
Diffstat (limited to 'hosts')
-rw-r--r--hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa4
-rw-r--r--hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa4
-rw-r--r--hosts/vidhar/dns/zones/yggdrasil.soa6
-rw-r--r--hosts/vidhar/network/ruleset.nft4
-rw-r--r--hosts/vidhar/printing/default.nix14
-rw-r--r--hosts/vidhar/printing/ruleset.nft11
6 files changed, 22 insertions, 21 deletions
diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
index 5f98034e..b23f6fd4 100644
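--- a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
+++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
@@ -1,7 +1,7 @@
 $ORIGIN 141.10.in-addr.arpa.
 $TTL 300
 @ IN SOA vidhar.lan.yggdrasil. hostmaster.yggdrasil.li (
- 2023030402 ; serial
+ 2023030500 ; serial
  300 ; refresh
  300 ; retry
  300 ; expire
@@ -18,4 +18,4 @@ $TTL 300
 
 3.2 IN PTR printer.printer.yggdrasil.
 
-1.4 IN PTR printing.vidhar.lan.yggdrasil.
+1.5 IN PTR printing.vidhar.lan.yggdrasil.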
diff --git a/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa b/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
index bec3fd05..39d59939 100644
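--- a/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
+++ b/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
@@ -1,7 +1,7 @@
 $ORIGIN 1.0.0.0.a.d.a.0.2.5.0.0.0.0.0.4.3.0.a.2.ip6.arpa.
 $TTL 300
 @ IN SOA vidhar.lan.yggdrasil. hostmaster.yggdrasil.li (
- 2023030400 ; serial
+ 2023030500 ; serial
  300 ; refresh
  300 ; retry
  300 ; expire
@@ -14,4 +14,4 @@ $TTL 300
 0.0.0.0.0.0.0.0.0.0.0.1 IN PTR vidhar.yggdrasil.
 0.0.0.0.0.0.0.0.0.0.0.2 IN PTR sif.yggdrasil.
 
-0.0.0.0.0.4.0.0.0.0.0.1 IN PTR printing.vidhar.yggdrasil.
+0.0.0.0.0.5.0.0.0.0.0.1 IN PTR printing.vidhar.yggdrasil.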
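Review bot: The PTR owner on the last line of the second hunk does not appear to be the reverse name of the container's IPv6 address. Under `$ORIGIN 1.0.0.0.a.d.a.0.2.5.0.0.0.0.0.4.3.0.a.2.ip6.arpa.` the relative label `0.0.0.0.0.5.0.0.0.0.0.1` expands to a name inside 2a03:4000:52:ada:1::/80, while the forward zone in this same commit gives printing.vidhar the AAAA `2a03:4000:52:ada:5::1`, whose reverse name begins `1.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.a.d.a.0` and so lies outside this origin. If a matching reverse record is intended, it would need an owner such as `1.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.a.d.a.0.2.5.0.0.0.0.0.4.3.0.a.2.ip6.arpa. IN PTR printing.vidhar.yggdrasil.` in a zone that covers that prefix; otherwise anything relying on forward-confirmed reverse DNS for the CUPS host will not match. The neighbouring vidhar and sif records use the same label layout and the rest of the zone is outside the hunk, so this may be pre-existing or deliberate and is worth confirming.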
diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa
index 3d0daaac..e2b1a61b 100644
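--- a/hosts/vidhar/dns/zones/yggdrasil.soa
+++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.
 $TTL 300
 @ IN SOA vidhar.yggdrasil. hostmaster.yggdrasil.li (
- 2023030405 ; serial
+ 2023030500 ; serial
  300 ; refresh
  300 ; retry
  300 ; expire
@@ -31,5 +31,5 @@ ap01.mgmt IN A 10.141.1.4
 
 printer.printer IN A 10.141.3.2
 
-printing.vidhar.lan IN A 10.141.4.1
-printing.vidhar IN AAAA 2a03:4000:52:ada:4::1
+printing.vidhar.lan IN A 10.141.5.1
+printing.vidhar IN AAAA 2a03:4000:52:ada:5::1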
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index d2c88008..37c1cf55 100644
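--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -144,8 +144,8 @@ table inet filter {
  iifname lan oifname { dsl, bifrost } counter name fw-lan accept
 
 
- iifname lan oifname ve-printing ip daddr 10.141.4.1 tcp dport 631 counter name fw-cups accept
- iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:4::1 tcp dport 631 counter name fw-cups accept
+ iifname lan oifname ve-printing ip daddr 10.141.5.1 tcp dport 631 counter name fw-cups accept
+ iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:5::1 tcp dport 631 counter name fw-cups accept
 
 
  iifname ve-printing oifname lan ct state {established, related} counter name fw-printing accept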
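Review bot: The container address is written as a literal in both changed accept rules (lines 147–148), and the same renumbering had to be repeated by hand in hosts/vidhar/printing/ruleset.nft, hosts/vidhar/printing/default.nix and the three zone files. A missed occurrence in a firewall file either breaks CUPS silently or leaves an accept rule pointing at an address that may later be assigned to something else. Consider declaring the addresses once at the top of the ruleset, e.g. `define printing_v4 = 10.141.5.1` and `define printing_v6 = 2a03:4000:52:ada:5::1`, and matching on `ip daddr $printing_v4` / `ip6 daddr $printing_v6`; if the rulesets are rendered through Nix, deriving them from the `localAddress`/`localAddress6` values in default.nix would remove the duplication entirely. The enclosing chain starts and ends outside the hunk.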
diff --git a/hosts/vidhar/printing/default.nix b/hosts/vidhar/printing/default.nix
index 0e0dfcf7..d844823b 100644
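--- a/hosts/vidhar/printing/default.nix
+++ b/hosts/vidhar/printing/default.nix
@@ -10,10 +10,10 @@ in {
  privateNetwork = true;
  ephemeral = true;
  autoStart = true;
- hostAddress = "10.141.4.0";
- hostAddress6 = "2a03:4000:52:ada:4::";
- localAddress = "10.141.4.1";
- localAddress6 = "2a03:4000:52:ada:4::1";
+ hostAddress = "10.141.5.0";
+ hostAddress6 = "2a03:4000:52:ada:5::";
+ localAddress = "10.141.5.1";
+ localAddress6 = "2a03:4000:52:ada:5::1";
  interfaces = [ "printer" ];
  config = let
  hostConfig = config;
@@ -42,10 +42,10 @@ in {
  { subnet = "10.141.3.0/24";
  option-data = [
  { name = "domain-name-servers";
- data = "10.141.4.0";
+ data = "10.141.5.0";
  }
  { name = "ntp-servers";
- data = "10.141.4.0";
+ data = "10.141.5.0";
  }
  { name = "broadcast-address";
  data = "10.141.3.255";
@@ -81,7 +81,7 @@ in {
  allowFrom = [ "all" ];
  extraConf = ''
  ServerName printing
- ServerAlias 10.141.4.1 2a03:4000:52:ada:4::1 printing.vidhar.yggdrasil printing.vidhar.lan.yggdrasil
+ ServerAlias 10.141.5.1 2a03:4000:52:ada:5::1 printing.vidhar.yggdrasil printing.vidhar.lan.yggdrasil
  '';
  };
 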
diff --git a/hosts/vidhar/printing/ruleset.nft b/hosts/vidhar/printing/ruleset.nft
index c3027567..e47256c3 100644
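--- a/hosts/vidhar/printing/ruleset.nft
+++ b/hosts/vidhar/printing/ruleset.nft
@@ -44,6 +44,7 @@ table inet filter {
  counter fw-printer {}
  counter fw-host {}
 
+ counter icmp-fw {}
  counter icmp-ratelimit-fw {}
 
  counter reject-ratelimit-fw {}
@@ -97,9 +98,9 @@ table inet filter {
  meta l4proto $icmp_protos counter name icmp-fw accept
 
 
- iifname printer oifname eth0 ip daddr 10.141.4.0 meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter fw-printer accept
- iifname printer oifname eth0 ip6 daddr 2a03:4000:52:ada:4:: meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter fw-printer accept
- iifname eth0 oifname printer counter fw-host accept
+ iifname printer oifname eth0 ip daddr 10.141.5.0 meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter name fw-printer accept
+ iifname printer oifname eth0 ip6 daddr 2a03:4000:52:ada:5:: meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter name fw-printer accept
+ iifname eth0 oifname printer counter name fw-host accept
 
 
  limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
@@ -127,8 +128,8 @@ table inet filter {
  meta l4proto $icmp_protos counter name icmp-rx accept
 
 
- ip6 saddr 2a03:4000:52:ada:4:: tcp dport 631 counter name cups-rx accept
- ip saddr 10.141.4.0 tcp dport 631 counter name cups-rx accept
+ ip6 saddr 2a03:4000:52:ada:5:: tcp dport 631 counter name cups-rx accept
+ ip saddr 10.141.5.0 tcp dport 631 counter name cups-rx accept
 
  ct state {established, related} counter name established-rx accept
 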
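Review bot: The rule `iifname eth0 oifname printer counter name fw-host accept` in the second hunk forwards anything arriving on eth0 to the printer segment with no match on source address, protocol, port or connection state, while the opposite direction is limited to DNS and NTP towards the host address. If only the host side of the veth (10.141.5.0 / 2a03:4000:52:ada:5::) is meant to reach the printer network, narrowing it to `iifname eth0 oifname printer ip saddr 10.141.5.0 counter name fw-host accept` plus a matching `ip6 saddr 2a03:4000:52:ada:5::` line keeps the container from becoming a general path to the printer should the host-side forwarding rules ever widen. Whether other sources legitimately need this path, and whether an established/related rule precedes these lines, cannot be seen because the chain starts outside the hunk.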