dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/colony: Add mail server

Browse Source
This commit is contained in:
Jack O'Sullivan
2023-08-26 23:26:19 +01:00
parent 5804b683d4
commit ea03795dca
5 changed files with 74 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -315,6 +315,10 @@ in
Destination = lib.my.colony.prefixes.vip1;
Gateway = allAssignments.colony.routing.ipv4.address;
}
{
Destination = lib.my.colony.prefixes.cust.v6;
Gateway = allAssignments.colony.internal.ipv6.address;
}
] ++
(map (pName: [
{
@@ -364,7 +368,7 @@ in
server.enable = true;
firewall = {
trustedInterfaces = [ "base" "as211024" ];
trustedInterfaces = [ "as211024" ];
udp.allowed = [ 5353 lib.my.kelder.vpn.port ];
tcp.allowed = [ 5353 "bgp" ];
nat = {
@@ -409,6 +413,10 @@ in
define ixps = { frys-ix, nl-ix, fogixp, ifog-transit }
table inet filter {
chain input {
iifname base meta l4proto { udp, tcp } th dport domain accept
}
chain routing-tcp {
# Safe enough to allow all SSH
tcp dport ssh accept
@@ -422,6 +430,9 @@ in
return
}
chain filter-routing {
ip daddr ${prefixes.mail.v4} accept
ip6 daddr ${prefixes.cust.v6} accept
tcp flags & (fin|syn|rst|ack) == syn ct state new jump routing-tcp
meta l4proto udp ct state new jump routing-udp
return
@@ -434,6 +445,7 @@ in
chain forward {
iifname { wan, $ixps } oifname base jump filter-routing
oifname $ixps jump ixp
iifname base oifname { wan, $ixps } accept
oifname { as211024, kelder } accept
}
chain output {

3
nixos/boxes/colony/vms/estuary/dns.nix
View File

@@ -214,6 +214,9 @@ in
valheim IN A ${assignments.internal.ipv4.address}
valheim IN AAAA ${allAssignments.valheim-oci.internal.ipv6.address}
mail-vm IN A ${lib.my.net.cidr.host 0 lib.my.colony.prefixes.mail.v4}
mail-vm IN AAAA ${lib.my.net.cidr.host 1 lib.my.colony.prefixes.mail.v6}
andrey-cust IN A ${allAssignments.kelder.estuary.ipv4.address}
$TTL 3