networking: route port 2222 to hephaistos:22

author: quentin@aristote.fr <quentin@aristote.fr> 2025-10-12 15:00:05 +0200
committer: quentin@aristote.fr <quentin@aristote.fr> 2025-10-12 18:20:47 +0200
commit: b5a8efe247a2a724c519ef56411da3ed953bc437 (patch)
tree: 9a87782b21497589676a507075488d09f56a2b8e
parent: 815dcfd8505d6fd68b8196d60f8e5abc1d9d58dc (diff)
2 files changed, 25 insertions, 1 deletions
diff --git a/config/networking.nix b/config/networking.nix
index 8322f8c..a39d85a 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -22,6 +22,25 @@
       "93.95.224.28"
       "93.95.224.29"
     ];
+
+    # reroute SSH on port 2222 to hephaistos
+    nat.enable = true;
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table ip nat {
+          chain pre {
+            type nat hook prerouting priority dstnat; policy accept;
+            iifname "ens3" tcp dport 2222 dnat to 100.64.0.3:22
+          }
+          chain post {
+            type nat hook postrouting priority srcnat; policy accept;
+            iifname "ens3" ip daddr 100.64.0.3 tcp dport 22 masquerade
+          }
+        }
+      '';
+    };
+
   };
 
   services.resolved = {
diff --git a/config/services/web/default.nix b/config/services/web/default.nix
index 859a3f4..920d1e7 100644
--- a/config/services/web/default.nix
+++ b/config/services/web/default.nix
@@ -1,7 +1,12 @@
 { pkgs, ... }:
 
 {
-  imports = [ ./quentin ./rss ./searx ./webkeydirectory ];
+  imports = [
+    ./quentin
+    ./rss
+    ./searx
+    ./webkeydirectory
+  ];
 
   security.acme = {
     acceptTerms = true;
author	quentin@aristote.fr <quentin@aristote.fr>	2025-10-12 15:00:05 +0200
committer	quentin@aristote.fr <quentin@aristote.fr>	2025-10-12 18:20:47 +0200
commit	b5a8efe247a2a724c519ef56411da3ed953bc437 (patch)
tree	9a87782b21497589676a507075488d09f56a2b8e
parent	815dcfd8505d6fd68b8196d60f8e5abc1d9d58dc (diff)