nachtigall: forgejo ssh use nat rules

Hendrik Sokolowski 2024-04-05 19:29:17 +02:00
parent 9191729f5c
commit d888bc60b7
Signed by: hensoko
GPG key ID: 5C36A01B80BCCC59
2 changed files with 12 additions and 3 deletions


@ -43,9 +43,12 @@
# Expose SSH port only for forgejo SSH # Expose SSH port only for forgejo SSH
networking.firewall.interfaces.enp35s0.allowedTCPPorts = [ 2223 ]; networking.firewall.interfaces.enp35s0.allowedTCPPorts = [ 2223 ];
networking.firewall.extraCommands = '' networking.nat.forwardPorts = [{
iptables -t nat -i enp35s0 -I PREROUTING -p tcp --dport 22 -j REDIRECT --to-ports 2223 proto = "tcp";
''; sourcePort = 22;
destination = "127.0.0.1:2223";
loopbackIPs = [ "138.201.80.102" "2a01:4f8:172:1c25::1" ];
}];
services.forgejo = { services.forgejo = {
enable = true; enable = true;
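Review bot: The new `destination = "127.0.0.1:2223"` is not equivalent to the removed REDIRECT rule: packets arriving on enp35s0 and DNATed to 127.0.0.1 are normally dropped by the kernel as martians unless `route_localnet` is enabled for that interface, and enabling it weakens the isolation of every loopback-only service on the host. REDIRECT avoided this by rewriting to the interface's own address, so I would forward to the public address instead, `destination = "138.201.80.102:2223";` (assuming that is this host's address, as `loopbackIPs` suggests). The IPv6 entry in `loopbackIPs` is also paired with an IPv4 destination; IPv6 clients on port 22 probably need a second entry with `destination = "[2a01:4f8:172:1c25::1]:2223";`, and it is worth checking that the generated ruleset does not pass the IPv6 address to the IPv4 iptables. An external `ssh -p 22` test over both address families after deploy would confirm the forward works.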


@ -25,4 +25,10 @@
]; ];
networking.defaultGateway = "138.201.80.65"; networking.defaultGateway = "138.201.80.65";
networking.defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; }; networking.defaultGateway6 = { address = "fe80::1"; interface = "enp35s0"; };
networking.nat = {
enable = true;
enableIPv6 = true;
externalInterface = "enp35s0";
};
} }
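Review bot: `networking.nat.enable` and `enableIPv6` do more than install the port forward: as far as I know, the NixOS nat module also switches on kernel IP forwarding for IPv4 and IPv6. This block sets no `internalInterfaces` or `internalIPs`, so the host becomes forwarding-capable with nothing to masquerade. That side effect should be documented where it is enabled, e.g. `# enabled only for the forgejo SSH port forward (22 -> 2223); also turns on IP forwarding`, and the FORWARD chain policy checked so the host does not route traffic for others. The enclosing attribute set starts above this hunk, so there may be forwarding-related settings that are not visible here.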