feat(firewall): node specific port-forwarding for ingress.tjo.cloud

2024-11-07 22:11:11 +01:00 · 2024-11-07 22:11:11 +01:00 · 07a1da4410
commit 07a1da4410
parent 955d18f078
4 changed files with 33 additions and 0 deletions
--- a/12
+++ b/12
@ -29,11 +29,23 @@ deploy-config node ipv4_subnet ipv6_subnet:

  for file in {{justfile_directory()}}/openwrt/etc/config/*
  do
+    # Skip node specific configs
+    if [[ "$file" == *\.* ]]
+    then
+      continue
+    fi
+
    echo "Deploying /etc/config/$(basename $file)"
    export IPV4_SUBNET="{{ipv4_subnet}}"
    export IPV6_SUBNET="{{ipv6_subnet}}"
    export HOSTNAME="{{node}}.network.tjo.cloud"
    cat $file | envsubst | tailscale ssh "root@{{node}}-network-tjo-cloud" "cat > /etc/config/$(basename $file)"
+
+    # Deploy node specific configs
+    if [ -f "${file}.{{node}}" ]
+    then
+      cat "${file}.{{node}}" | envsubst | tailscale ssh "root@{{node}}-network-tjo-cloud" "cat >> /etc/config/$(basename $file)"
+    fi
  done

  echo "Reboot router in 5 seconds..."
--- a/openwrt/etc/config/firewall.batuu
+++ b/openwrt/etc/config/firewall.batuu
@ -0,0 +1,7 @@
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'batuu.ingress.tjo.cloud'
+	option src 'wan'
+	option src_dport '1-1000'
+	option dest_ip '10.0.19.126'
--- a/openwrt/etc/config/firewall.jakku
+++ b/openwrt/etc/config/firewall.jakku
@ -0,0 +1,7 @@
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'jakku.ingress.tjo.cloud'
+	option src 'wan'
+	option src_dport '1-1000'
+	option dest_ip '10.0.32.19'
--- a/openwrt/etc/config/firewall.nevaroo
+++ b/openwrt/etc/config/firewall.nevaroo
@ -0,0 +1,7 @@
+config redirect
+	option dest 'lan'
+	option target 'DNAT'
+	option name 'nevaroo.ingress.tjo.cloud'
+	option src 'wan'
+	option src_dport '1-1000'
+	option dest_ip '10.0.49.171'