kunsi-p14s: always have voc ip set up, enable forwarding and nat through wireless interface

2023-10-15 16:09:15 +02:00 · 2023-10-15 16:09:15 +02:00 · 7a9401cd6c
parent ebc59f2843
commit 7a9401cd6c
1 changed files with 21 additions and 2 deletions
--- a/nodes/kunsi-p14s.py
+++ b/nodes/kunsi-p14s.py
@ -39,8 +39,8 @@ nodes['kunsi-p14s'] = {
        },
        'interfaces': {
            'br0': {
-                #'ips': {'10.73.100.103/16'},
-                #'gateway4': '10.73.0.254',
+                'ips': {'10.73.100.103/16'},
+                'gateway4': '10.73.0.254',
                'dhcp': True,
            },
            # there is also wlp3s0, but that's managed by netctl
@ -65,6 +65,19 @@ nodes['kunsi-p14s'] = {
                },
            },
        },
+        'nftables': {
+            'forward': {
+                '50-routing': {
+                    'ct state { related, established } accept',
+                    'oifname wlp2s0 accept',
+                },
+            },
+            'postrouting': {
+                '50-routing': {
+                    'oifname wlp2s0 masquerade',
+                },
+            },
+        },
        'openssh': {
            'restrict-to': {
                'rfc1918',
@ -139,6 +152,12 @@ nodes['kunsi-p14s'] = {
                },
            },
        },
+        'sysctl': {
+            'options': {
+                'net.ipv4.ip_forward': '1',
+                'net.ipv6.conf.all.forwarding': '1',
+            },
+        },
        'systemd-networkd': {
            'bridges': {
                'br0': {