From b5a8efe247a2a724c519ef56411da3ed953bc437 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Sun, 12 Oct 2025 15:00:05 +0200
Subject: networking: route port 2222 to hephaistos:22
---
 config/networking.nix | 19 +++++++++++++++++++
 config/services/web/default.nix | 7 ++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
(limited to 'config')
diff --git a/config/networking.nix b/config/networking.nix
index 8322f8c..a39d85a 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -22,6 +22,25 @@
 "93.95.224.28"
 "93.95.224.29"
 ];
+
+ # reroute SSH on port 2222 to hephaistos
+ nat.enable = true;
+ nftables = {
+ enable = true;
+ ruleset = ''
+ table ip nat {
+ chain pre {
+ type nat hook prerouting priority dstnat; policy accept;
+ iifname "ens3" tcp dport 2222 dnat to 100.64.0.3:22
+ }
+ chain post {
+ type nat hook postrouting priority srcnat; policy accept;
+ iifname "ens3" ip daddr 100.64.0.3 tcp dport 22 masquerade
+ }
+ }
+ '';
+ };
+
 };
 services.resolved = {
diff --git a/config/services/web/default.nix b/config/services/web/default.nix
index 859a3f4..920d1e7 100644
--- a/config/services/web/default.nix
+++ b/config/services/web/default.nix
@@ -1,7 +1,12 @@
 { pkgs, ... }:
 {
- imports = [ ./quentin ./rss ./searx ./webkeydirectory ];
+ imports = [
+ ./quentin
+ ./rss
+ ./searx
+ ./webkeydirectory
+ ];
 security.acme = {
 acceptTerms = true;
-- 
cgit v1.2.3
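Review bot: The `masquerade` rule in `chain post` rewrites every forwarded connection to the gateway's own address, so sshd on hephaistos sees all clients arriving on port 2222 as a single peer; its logs, any ban-on-failure tooling and address-based sshd restrictions can no longer tell clients apart, and a ban there would cut the forward for everyone. The `dnat` rule in `chain pre` also carries no source restriction or rate limit, which leaves the gateway as the only place where the real client address can be recorded or throttled; I would log there, e.g. `iifname "ens3" tcp dport 2222 log prefix "ssh-fwd " dnat to 100.64.0.3:22`, and consider a `limit rate` or an `ip saddr` allow-set if the client set is known. The comment above `nat.enable` could state that this publishes hephaistos' SSH on the public interface and that 100.64.0.3 is presumably its overlay/VPN address, so password authentication should be off on the target. The enclosing attribute set opens above the hunk, so whether `networking.firewall` or other `nat` options interact with this ruleset is not visible from here.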