Update xinetd

2023-12-06 18:00:28 +09:00 · 2023-12-06 18:00:28 +09:00 · 8b62e39d1b
commit 8b62e39d1b
parent 4801f00147
2 changed files with 5 additions and 44 deletions
--- a/nixos/hosts/osaka-linode-01/wireguard.nix
+++ b/nixos/hosts/osaka-linode-01/wireguard.nix
@ -27,8 +27,8 @@
        ips = [ "10.100.0.1/24" ];
        listenPort = 51820;
        privateKeyFile = "/run/secrets/wireguard_keys/osaka-linode-01";
-        postSetup    = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
-        postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
+        postSetup    = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp0s4 -j MASQUERADE'';
+        postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp0s4 -j MASQUERADE'';
        peers = [
          { # nixos-rpi4-03
            publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
@ -44,6 +44,6 @@
  networking.nat = {
    enable = true;
    internalInterfaces =  [ "wireguard0" ];
-    externalInterface  = "eno3";
+    externalInterface  = "enp0s4";
  };
 }
--- a/nixos/hosts/osaka-linode-01/xinetd.nix
+++ b/nixos/hosts/osaka-linode-01/xinetd.nix
@ -23,15 +23,6 @@
  networking.firewall.extraCommands     = '' 
    iptables -t nat -A PREROUTING  -d 172.234.84.222 -j DNAT --to-destination 10.100.0.2
    iptables -t nat -A POSTROUTING -s 10.100.0.2     -j SNAT --to-source      172.234.84.222
-    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-
-    # PORT 10000
-    iptables -t nat -A PREROUTING  -p udp --dport 10000 -j DNAT --to-destination 10.100.0.2
-    iptables -t nat -A POSTROUTING -p udp --dport 10000 -j MASQUERADE
-
-    # PORT 3478
-    iptables -t nat -A PREROUTING  -p udp --dport 3478 -j DNAT --to-destination 10.100.0.2
-    iptables -t nat -A POSTROUTING -p udp --dport 3478 -j MASQUERADE
  '';

  services.xinetd = {
@ -145,38 +136,8 @@
        server = "/usr/bin/env"; # Placeholder.
        extraConfig = "redirect = 10.100.0.2 4190";
      }
-      ################################################ mail
-      ################################################ headscale-derp
-      {
-        name = "headscale-derp 3478 udp";
-        port = 3478;
-        protocol = "udp";
-        unlisted = true;
-        server = "/usr/bin/env"; # Placeholder.
-        extraConfig = "redirect = 10.100.0.2 3478";
-      }
-      {
-        name = "headscale-derp 1443 tcp";
-        port = 1443;
-        protocol = "tcp";
-        unlisted = true;
-        server = "/usr/bin/env"; # Placeholder.
-        extraConfig = "redirect = 10.100.0.2 1443";
-      }
-      {
-        name = "piaware";
-        port = 8080;
-        unlisted = true;
-        server = "/usr/bin/env"; # Placeholder.
-        extraConfig = "redirect = piaware-rpi4 8080";
-      }
-      # {
-      #   name = "ssh";
-      #   port = 2282;
-      #   unlisted = true;
-      #   server = "/usr/bin/env"; # Placeholder.
-      #   extraConfig = "redirect = 10.100.0.2 22";
-      # }
+      ################################################ /mail
+
    ];
  };
 }