diff --git a/oven/configuration.nix b/oven/configuration.nix index 018904a..9e74f9c 100644 --- a/oven/configuration.nix +++ b/oven/configuration.nix @@ -4,6 +4,9 @@ { config, lib, pkgs, ... }: +let + vars = import ../vars.nix; +in { imports = [ @@ -18,20 +21,7 @@ boot.kernelParams = [ "console=ttyS1" ]; # network config - networking = - let - # ports forwarded to pastila (on the same port) - portsPastila = [ - 80 - 22 - ]; - pastila = proto: portFrom: portTo: { - destination = "10.0.42.100:" + builtins.toString portTo; - proto = proto; - sourcePort = portFrom; - }; - in - { + networking = { hostName = "oven"; useDHCP = false; @@ -45,31 +35,33 @@ address = "51.15.168.1"; interface = "enp1s0"; }; - nameservers = [ - "51.159.47.28" - "51.159.47.26" - ]; + nameservers = vars.onlineNetDNS; bridges = { "br0" = { interfaces = []; }; }; - interfaces."br0".ipv4.addresses = [{ - address = "10.0.42.1"; - prefixLength = 24; - }]; + interfaces."br0".ipv4.addresses = [ vars.ovenNat.oven ]; nat = { enable = true; internalInterfaces = ["br0"]; externalInterface = "enp1s0"; forwardPorts = - builtins.map (port: pastila "tcp" port port) portsPastila ++ - builtins.map (port: pastila "udp" port port) portsPastila; + map (port: { + destination = + toString vars.ovenNat.pastila.address ++ ":" ++ toString port.num; + proto = port.proto; + sourcePort = port.num; + }) vars.ovenNat.forwardPorts; }; firewall = { - allowedTCPPorts = portsPastila ++ [ 2222 ]; - allowedUDPPorts = portsPastila; + allowedTCPPorts = + map (port: port.num) + (filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts); + allowedUDPPorts = + map (port: port.num) + (filter (port: port.proto == "udp") vars.ovenNat.forwardPorts); }; }; diff --git a/pastila/configuration.nix b/pastila/configuration.nix index 4d46f55..16baab3 100644 --- a/pastila/configuration.nix +++ b/pastila/configuration.nix @@ -4,6 +4,9 @@ { config, lib, pkgs, ... }: +let + vars = import ../vars.nix; +in { imports = [ 
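Review bot: The new `destination` in the `nat.forwardPorts` mapping, `toString vars.ovenNat.pastila.address ++ ":" ++ toString port.num`, uses `++`, which is list concatenation in Nix and fails evaluation when applied to strings; string concatenation is `+`, so the line should read `destination = "${vars.ovenNat.pastila.address}:${toString port.num}";` (the `toString` on the address is a no-op on a string). `filter` is also referenced unqualified in both `allowedTCPPorts` and `allowedUDPPorts`, but unlike `map` it is not a global builtin, so unless a `with lib;` or `with builtins;` is in scope outside this hunk the module fails with an undefined variable (the old code's `builtins.map` suggests nothing is); `(builtins.filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts)` and the `"udp"` twin are the safe form, and the same applies to the two `filter` calls in the pastila firewall hunk. Finally, the removed `allowedTCPPorts = portsPastila ++ [ 2222 ];` opened 2222 on oven itself, which the new list built from `vars.ovenNat.forwardPorts` no longer does; if 2222 is oven's own ssh port (22 is now forwarded to pastila), this change locks the host out, so keep it with `allowedTCPPorts = map (port: port.num) (builtins.filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts) ++ [ 2222 ];` rather than adding it to the forwarded list. The enclosing `networking` attrset opens in the previous hunk.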
@@ -19,18 +22,12 @@ networking.hostId = "8425e349"; networking.useDHCP = false; - networking.interfaces."enp1s0".ipv4.addresses = [{ - address = "10.0.42.100"; - prefixLength = 24; - }]; + networking.interfaces."enp1s0".ipv4.addresses = [ vars.ovenNat.pastila ]; networking.defaultGateway = { - address = "10.0.42.1"; + address = vars.ovenNat.oven.address; interface = "enp1s0"; }; - networking.nameservers = [ - "51.159.47.28" - "51.159.47.26" - ]; + networking.nameservers = vars.onlineNetDNS; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.armael = { @@ -42,10 +39,12 @@ }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ - 80 - ]; - # networking.firewall.allowedUDPPorts = [ ... ]; + networking.firewall.allowedTCPPorts = + map (port: port.num) + (filter (port: port.proto == "tcp") vars.ovenNat.forwardPorts); + networking.firewall.allowedUDPPorts = + map (port: port.num) + (filter (port: port.proto == "udp") vars.ovenNat.forwardPorts); # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you diff --git a/vars.nix b/vars.nix new file mode 100644 index 0000000..9998448 --- /dev/null +++ b/vars.nix @@ -0,0 +1,16 @@ +{ + ovenNat = { + oven = { address = "10.0.42.1"; prefixLength = 24; }; + pastila = { address = "10.0.42.100"; prefixLength = 24; }; + + # ports to open on pastila and forward through the NAT in oven + forwardPorts = [ + { num = 80; proto = "tcp"; } + { num = 22; proto = "tcp"; } + ]; + }; + onlineNetDNS = [ + "51.159.47.28" + "51.159.47.26" + ]; +}
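Review bot: vars.nix has no header comment saying which machines consume it or what shape its entries must keep; both configurations pass `ovenNat.oven` and `ovenNat.pastila` straight into `networking.interfaces.<name>.ipv4.addresses` and oven's `defaultGateway`/`destination` read `.address` from them, so the `{ address; prefixLength; }` form is a contract rather than a convenience. A header such as `# Shared network constants for oven and pastila; oven/pastila must keep the { address; prefixLength; } shape expected by networking.interfaces.*.ipv4.addresses.` would make that explicit. The `forwardPorts` comment should also state that each entry is opened in both hosts' firewalls and forwarded with the same port number on both sides (oven sets `sourcePort = port.num` and builds the destination from `port.num`), e.g. `# each entry is opened on both firewalls and forwarded oven:num -> pastila:num; add a field if the external port ever has to differ`.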