share common config wrt port forwarding & networking

2024-05-27 19:36:03 +02:00 · 2024-05-27 19:36:03 +02:00 · b2f80659a7
commit b2f80659a7
parent 1541c7b011
3 changed files with 46 additions and 39 deletions
--- a/oven/configuration.nix
+++ b/oven/configuration.nix
@ -4,6 +4,9 @@

 { config, lib, pkgs, ... }:

+let
+  vars = import ../vars.nix;
+in
 {
  imports =
    [
@ -18,20 +21,7 @@
  boot.kernelParams = [ "console=ttyS1" ];

  # network config
-  networking =
-  let
-    # ports forwarded to pastila (on the same port)
-    portsPastila = [
-      80
-      22
-    ];
-    pastila = proto: portFrom: portTo: {
-      destination = "10.0.42.100:" + builtins.toString portTo;
-      proto = proto;
-      sourcePort = portFrom;
-    };
-  in
-  {
+  networking = {
    hostName = "oven";

    useDHCP = false;
@ -45,31 +35,33 @@
      address = "51.15.168.1";
      interface = "enp1s0";
    };
-    nameservers = [
-      "51.159.47.28"
-      "51.159.47.26"
-    ];
+    nameservers = vars.onlineNetDNS;

    bridges = {
      "br0" = { interfaces = []; };
    };
-    interfaces."br0".ipv4.addresses = [{
-      address = "10.0.42.1";
-      prefixLength = 24;
-    }];
+    interfaces."br0".ipv4.addresses = [ vars.ovenNat.oven ];

    nat = {
      enable = true;
      internalInterfaces = ["br0"];
      externalInterface = "enp1s0";
      forwardPorts =
-        builtins.map (port: pastila "tcp" port port) portsPastila ++
-	builtins.map (port: pastila "udp" port port) portsPastila;
+        map (port: {
+          destination =
+            toString vars.ovenNat.pastila.address ++ ":" ++ toString port.num;
+          proto = port.proto;
+          sourcePort = port.num;
+        }) vars.ovenNat.forwardPorts;
    };

    firewall = {
-      allowedTCPPorts = portsPastila ++ [ 2222 ];
-      allowedUDPPorts = portsPastila;
+      allowedTCPPorts =
+        map (port: port.num)
+          (filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts);
+      allowedUDPPorts =
+        map (port: port.num)
+          (filter (port: port.proto == "udp") vars.ovenNat.forwardPorts);
    };
  };

--- a/pastila/configuration.nix
+++ b/pastila/configuration.nix
@ -4,6 +4,9 @@

 { config, lib, pkgs, ... }:

+let
+  vars = import ../vars.nix;
+in
 {
  imports =
    [
@ -19,18 +22,12 @@
  networking.hostId = "8425e349";

  networking.useDHCP = false;
-  networking.interfaces."enp1s0".ipv4.addresses = [{
-    address = "10.0.42.100";
-    prefixLength = 24;
-  }];
+  networking.interfaces."enp1s0".ipv4.addresses = [ vars.ovenNat.pastila ];
  networking.defaultGateway = {
-    address = "10.0.42.1";
+    address = vars.ovenNat.oven.address;
    interface = "enp1s0";
  };
-  networking.nameservers = [
-    "51.159.47.28"
-    "51.159.47.26"
-  ];
+  networking.nameservers = vars.onlineNetDNS;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.armael = {
@ -42,10 +39,12 @@
  };

  # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [
-    80
-  ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedTCPPorts =
+    map (port: port.num)
+      (filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts);
+  networking.firewall.allowedUDPPorts =
+    map (port: port.num)
+      (filter (port: port.proto == "udp") vars.ovenNat.forwardPorts);

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
--- a/vars.nix
+++ b/vars.nix
@ -0,0 +1,16 @@
+{
+  ovenNat = {
+    oven = { address = "10.0.42.1"; prefixLength = 24; };
+    pastila = { address = "10.0.42.100"; prefixLength = 24; };
+
+    # ports to open on pastila and forward through the NAT in oven
+    forwardPorts = [
+      { num = 80; proto = "tcp"; }
+      { num = 22; proto = "tcp"; }
+    ];
+  };
+  onlineNetDNS = [
+    "51.159.47.28"
+    "51.159.47.26"
+  ];
+}