From ef39030d83fb488b16035c82f1f876ed103f541a Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 5 Mar 2023 11:20:27 +0100
Subject: ...

---
 hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa             |  4 ++--
 .../arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa   |  4 ++--
 hosts/vidhar/dns/zones/yggdrasil.soa                       |  6 +++---
 hosts/vidhar/network/ruleset.nft                           |  4 ++--
 hosts/vidhar/printing/default.nix                          | 14 +++++++-------
 hosts/vidhar/printing/ruleset.nft                          | 11 ++++++-----
 6 files changed, 22 insertions(+), 21 deletions(-)

(limited to 'hosts/vidhar')

diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
index 5f98034e..b23f6fd4 100644
--- a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
+++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
@@ -1,7 +1,7 @@
 $ORIGIN 141.10.in-addr.arpa.
 $TTL 300
 @ IN SOA vidhar.lan.yggdrasil. hostmaster.yggdrasil.li (
-  2023030402 ; serial
+  2023030500 ; serial
   300        ; refresh
   300        ; retry
   300        ; expire
@@ -18,4 +18,4 @@ $TTL 300
 
 3.2	IN	PTR	printer.printer.yggdrasil.
 
-1.4	IN	PTR	printing.vidhar.lan.yggdrasil.
+1.5	IN	PTR	printing.vidhar.lan.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa b/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
index bec3fd05..39d59939 100644
--- a/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
+++ b/hosts/vidhar/dns/zones/arpa.ip6.2.a.0.3.4.0.0.0.0.0.5.2.0.a.d.a.0.0.0.1.soa
@@ -1,7 +1,7 @@
 $ORIGIN 1.0.0.0.a.d.a.0.2.5.0.0.0.0.0.4.3.0.a.2.ip6.arpa.
 $TTL 300
 @ IN SOA vidhar.lan.yggdrasil. hostmaster.yggdrasil.li (
-  2023030400 ; serial
+  2023030500 ; serial
   300        ; refresh
   300        ; retry
   300        ; expire
@@ -14,4 +14,4 @@ $TTL 300
 0.0.0.0.0.0.0.0.0.0.0.1	IN	PTR	vidhar.yggdrasil.
 0.0.0.0.0.0.0.0.0.0.0.2	IN	PTR	sif.yggdrasil.
 
-0.0.0.0.0.4.0.0.0.0.0.1 IN	PTR	printing.vidhar.yggdrasil.
+0.0.0.0.0.5.0.0.0.0.0.1 IN	PTR	printing.vidhar.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa
index 3d0daaac..e2b1a61b 100644
--- a/hosts/vidhar/dns/zones/yggdrasil.soa
+++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.
 $TTL 300
 @ IN SOA vidhar.yggdrasil. hostmaster.yggdrasil.li (
-  2023030405 ; serial
+  2023030500 ; serial
   300        ; refresh
   300        ; retry
   300        ; expire
@@ -31,5 +31,5 @@ ap01.mgmt	IN	A	10.141.1.4
 
 printer.printer	IN	A	10.141.3.2
 
-printing.vidhar.lan IN	A	10.141.4.1
-printing.vidhar IN	AAAA	2a03:4000:52:ada:4::1
+printing.vidhar.lan IN	A	10.141.5.1
+printing.vidhar IN	AAAA	2a03:4000:52:ada:5::1
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index d2c88008..37c1cf55 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -144,8 +144,8 @@ table inet filter {
     iifname lan oifname { dsl, bifrost } counter name fw-lan accept
 
 
-    iifname lan oifname ve-printing ip daddr 10.141.4.1 tcp dport 631 counter name fw-cups accept
-    iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:4::1 tcp dport 631 counter name fw-cups accept
+    iifname lan oifname ve-printing ip daddr 10.141.5.1 tcp dport 631 counter name fw-cups accept
+    iifname lan oifname ve-printing ip6 daddr 2a03:4000:52:ada:5::1 tcp dport 631 counter name fw-cups accept
 
 
     iifname ve-printing oifname lan ct state {established, related} counter name fw-printing accept
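Review bot: The container address in the two `fw-cups` accept rules is a literal that also has to match `localAddress`/`localAddress6` in hosts/vidhar/printing/default.nix and the zone files, so a renumbering like this one depends on every copy being found by hand. A missed copy here would leave an accept rule for tcp/631 pointing at an address the container no longer holds. Consider `define printing_v4 = 10.141.5.1` and `define printing_v6 = 2a03:4000:52:ada:5::1` near the top of the file, with `ip daddr $printing_v4` in the rules. The same applies to the host-address literals in hosts/vidhar/printing/ruleset.nft. The enclosing chain starts and ends outside the hunk.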
diff --git a/hosts/vidhar/printing/default.nix b/hosts/vidhar/printing/default.nix
index 0e0dfcf7..d844823b 100644
--- a/hosts/vidhar/printing/default.nix
+++ b/hosts/vidhar/printing/default.nix
@@ -10,10 +10,10 @@ in {
       privateNetwork = true;
       ephemeral = true;
       autoStart = true;
-      hostAddress = "10.141.4.0";
-      hostAddress6 = "2a03:4000:52:ada:4::";
-      localAddress = "10.141.4.1";
-      localAddress6 = "2a03:4000:52:ada:4::1";
+      hostAddress = "10.141.5.0";
+      hostAddress6 = "2a03:4000:52:ada:5::";
+      localAddress = "10.141.5.1";
+      localAddress6 = "2a03:4000:52:ada:5::1";
       interfaces = [ "printer" ];
       config = let
         hostConfig = config;
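Review bot: `hostAddress` and `localAddress` are set here as string literals and then repeated by hand further down this file, in the DHCP `option-data` entries (`domain-name-servers`, `ntp-servers`) and in the `ServerAlias` line. Binding them once, e.g. `hostAddress4 = "10.141.5.0";` in the `let` that the hunk header's `in {` suggests exists, and writing `data = hostAddress4;` in those places would keep the DNS/NTP servers handed to the printer network from drifting away from the address the host actually holds. The attribute set continues outside the hunk.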
@@ -42,10 +42,10 @@ in {
                     { subnet = "10.141.3.0/24";
                       option-data = [
                         { name = "domain-name-servers";
-                          data = "10.141.4.0";
+                          data = "10.141.5.0";
                         }
                         { name = "ntp-servers";
-                          data = "10.141.4.0";
+                          data = "10.141.5.0";
                         }
                         { name = "broadcast-address";
                           data = "10.141.3.255";
@@ -81,7 +81,7 @@ in {
               allowFrom = [ "all" ];
               extraConf = ''
                 ServerName printing
-                ServerAlias 10.141.4.1 2a03:4000:52:ada:4::1 printing.vidhar.yggdrasil printing.vidhar.lan.yggdrasil
+                ServerAlias 10.141.5.1 2a03:4000:52:ada:5::1 printing.vidhar.yggdrasil printing.vidhar.lan.yggdrasil
               '';
             };
 
diff --git a/hosts/vidhar/printing/ruleset.nft b/hosts/vidhar/printing/ruleset.nft
index c3027567..e47256c3 100644
--- a/hosts/vidhar/printing/ruleset.nft
+++ b/hosts/vidhar/printing/ruleset.nft
@@ -44,6 +44,7 @@ table inet filter {
   counter fw-printer {}
   counter fw-host {}
 
+  counter icmp-fw {}
   counter icmp-ratelimit-fw {}
 
   counter reject-ratelimit-fw {}
@@ -97,9 +98,9 @@ table inet filter {
     meta l4proto $icmp_protos counter name icmp-fw accept
 
 
-    iifname printer oifname eth0 ip daddr 10.141.4.0 meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter fw-printer accept
-    iifname printer oifname eth0 ip6 daddr 2a03:4000:52:ada:4:: meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter fw-printer accept
-    iifname eth0 oifname printer counter fw-host accept
+    iifname printer oifname eth0 ip daddr 10.141.5.0 meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter name fw-printer accept
+    iifname printer oifname eth0 ip6 daddr 2a03:4000:52:ada:5:: meta l4proto . th dport { tcp . 53, udp . 53, udp . 123 } counter name fw-printer accept
+    iifname eth0 oifname printer counter name fw-host accept
 
 
     limit name lim_reject log level debug prefix "drop forward: " counter name reject-ratelimit-fw drop
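Review bot: `iifname eth0 oifname printer counter name fw-host accept` forwards everything arriving on eth0 to the printer network with no address, protocol or state match, while the reverse direction is limited to DNS and NTP toward the host address. If only the host itself is meant to reach the printers, adding `ip saddr 10.141.5.0` (and an `ip6 saddr 2a03:4000:52:ada:5::` twin) would state that in the rule; otherwise a short comment saying the restriction lives in the host's ruleset would help. The switch from `counter fw-printer` to `counter name fw-printer` goes beyond the renumbering and is not mentioned in the commit message. The chain starts and ends outside the hunk.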
@@ -127,8 +128,8 @@ table inet filter {
     meta l4proto $icmp_protos counter name icmp-rx accept
 
 
-    ip6 saddr 2a03:4000:52:ada:4:: tcp dport 631 counter name cups-rx accept
-    ip saddr 10.141.4.0 tcp dport 631 counter name cups-rx accept
+    ip6 saddr 2a03:4000:52:ada:5:: tcp dport 631 counter name cups-rx accept
+    ip saddr 10.141.5.0 tcp dport 631 counter name cups-rx accept
 
     ct state {established, related} counter name established-rx accept
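Review bot: The two `cups-rx` rules match only on source address, so they would also accept a packet arriving on the `printer` interface with 10.141.5.0 or 2a03:4000:52:ada:5:: as its source, unless reverse-path filtering or an earlier rule outside this hunk drops it. Pinning them to the veth, `iifname eth0 ip saddr 10.141.5.0 tcp dport 631 counter name cups-rx accept` (and the same for the ip6 rule), removes that dependency. The chain starts and ends outside the hunk.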
 
-- 
cgit v1.2.3