nix/nixos/hosts/osaka-linode-01/xinetd.nix

166 lines
4.6 KiB
Nix
Raw Normal View History

2023-12-06 08:50:18 +01:00
{ config, lib, pkgs, ... }: {
networking.firewall.allowedUDPPorts = [
3478 # Headscale DERP UDP
10000 # Jitsi
];
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
25 # SMTP (explicit TLS => STARTTLS)
465 # ESMTP (implicit TLS)
587 # ESMTP (explicit TLS => STARTTLS)
143 # IMAP4 (explicit TLS => STARTTLS)
993 # IMAP4 (implicit TLS)
4190 # Sieve support
42420 # Vintage Story
25565 # Minecraft
1443 # Headscale DERP
4443 # jitsi-jvb
5222 # Jitsi
5347 # Jitsi
5280 # Jitsi
];
networking.firewall.extraCommands = ''
2023-12-06 08:59:18 +01:00
iptables -t nat -A PREROUTING -d 172.234.84.222 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -s 10.100.0.2 -j SNAT --to-source 172.234.84.222
2023-12-06 10:49:44 +01:00
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# PORT 10000
iptables -t nat -A PREROUTING -p udp --dport 10000 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p udp --dport 10000 -j MASQUERADE
# PORT 3478
iptables -t nat -A PREROUTING -p udp --dport 3478 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p udp --dport 3478 -j MASQUERADE
2023-12-06 10:58:42 +01:00
# PORT 4443
iptables -t nat -A PREROUTING -p tcp --dport 4443 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 4443 -j MASQUERADE
# PORT 5222
iptables -t nat -A PREROUTING -p tcp --dport 5222 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 5222 -j MASQUERADE
# PORT 5347
iptables -t nat -A PREROUTING -p tcp --dport 5347 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 5347 -j MASQUERADE
# PORT 5280
iptables -t nat -A PREROUTING -p tcp --dport 5280 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 5280 -j MASQUERADE
2023-12-06 08:50:18 +01:00
'';
services.xinetd = {
2023-12-06 09:01:03 +01:00
enable = true;
2023-12-06 08:50:18 +01:00
services = [
{
name = "http";
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 80
'';
2023-12-06 08:50:18 +01:00
}
{
name = "https";
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 443
'';
2023-12-06 08:50:18 +01:00
}
{
name = "minecraft";
port = 25565;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 25565
'';
2023-12-06 08:50:18 +01:00
}
{
name = "vintage-story";
port = 42420;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 42420
'';
2023-12-06 08:50:18 +01:00
}
################################################ mail
{
name = "mail 25";
port = 25;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 25
'';
2023-12-06 08:50:18 +01:00
}
{
name = "mail 465";
port = 465;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 465
'';
2023-12-06 08:50:18 +01:00
}
{
name = "mail 587";
port = 587;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 587
'';
2023-12-06 08:50:18 +01:00
}
{
name = "mail 143";
port = 143;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 143
'';
2023-12-06 08:50:18 +01:00
}
{
name = "mail 993";
port = 993;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 993
'';
2023-12-06 08:50:18 +01:00
}
{
name = "mail 4190";
port = 4190;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
2023-12-06 11:14:37 +01:00
extraConfig = ''
socket_type = raw
redirect = 10.100.0.2 4190
'';
2023-12-06 08:50:18 +01:00
}
2023-12-06 10:00:28 +01:00
################################################ /mail
2023-12-06 08:50:18 +01:00
];
};
}