From 07a1da4410fbd9a91a497b0d8bd26a2f407d3754 Mon Sep 17 00:00:00 2001 From: Tine Date: Thu, 7 Nov 2024 22:11:11 +0100 Subject: [PATCH] feat(firewall): node specific port-forwarding for ingress.tjo.cloud --- justfile | 12 ++++++++++++ openwrt/etc/config/firewall.batuu | 7 +++++++ openwrt/etc/config/firewall.jakku | 7 +++++++ openwrt/etc/config/firewall.nevaroo | 7 +++++++ 4 files changed, 33 insertions(+) create mode 100644 openwrt/etc/config/firewall.batuu create mode 100644 openwrt/etc/config/firewall.jakku create mode 100644 openwrt/etc/config/firewall.nevaroo diff --git a/justfile b/justfile index d432944..3525e73 100644 --- a/justfile +++ b/justfile @@ -29,11 +29,23 @@ deploy-config node ipv4_subnet ipv6_subnet: for file in {{justfile_directory()}}/openwrt/etc/config/* do + # Skip node specific configs + if [[ "$file" == *\.* ]] + then + continue + fi + echo "Deploying /etc/config/$(basename $file)" export IPV4_SUBNET="{{ipv4_subnet}}" export IPV6_SUBNET="{{ipv6_subnet}}" export HOSTNAME="{{node}}.network.tjo.cloud" cat $file | envsubst | tailscale ssh "root@{{node}}-network-tjo-cloud" "cat > /etc/config/$(basename $file)" + + # Deploy node specific configs + if [ -f "${file}.{{node}}" ] + then + cat "${file}.{{node}}" | envsubst | tailscale ssh "root@{{node}}-network-tjo-cloud" "cat >> /etc/config/$(basename $file)" + fi done echo "Reboot router in 5 seconds..." diff --git a/openwrt/etc/config/firewall.batuu b/openwrt/etc/config/firewall.batuu new file mode 100644 index 0000000..1cb0881 --- /dev/null +++ b/openwrt/etc/config/firewall.batuu @@ -0,0 +1,7 @@ +config redirect + option dest 'lan' + option target 'DNAT' + option name 'batuu.ingress.tjo.cloud' + option src 'wan' + option src_dport '1-1000' + option dest_ip '10.0.19.126' diff --git a/openwrt/etc/config/firewall.jakku b/openwrt/etc/config/firewall.jakku new file mode 100644 index 0000000..7cfdaf2 --- /dev/null +++ b/openwrt/etc/config/firewall.jakku @@ -0,0 +1,7 @@ +config redirect + option dest 'lan' + option target 'DNAT' + option name 'jakku.ingress.tjo.cloud' + option src 'wan' + option src_dport '1-1000' + option dest_ip '10.0.32.19' diff --git a/openwrt/etc/config/firewall.nevaroo b/openwrt/etc/config/firewall.nevaroo new file mode 100644 index 0000000..8f3ee08 --- /dev/null +++ b/openwrt/etc/config/firewall.nevaroo @@ -0,0 +1,7 @@ +config redirect + option dest 'lan' + option target 'DNAT' + option name 'nevaroo.ingress.tjo.cloud' + option src 'wan' + option src_dport '1-1000' + option dest_ip '10.0.49.171'