From fd22ef10cc056cf4286a0c429078c408482c8dfb Mon Sep 17 00:00:00 2001
From: RootHost-Stormwind
Date: Wed, 2 Jul 2025 08:37:50 +0200
Subject: [PATCH] networking rulez
---
 networking.nix | 44 ++++++++++++++++++++++-----------------
 user/stormwind/master.nix | 2 +-
 2 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/networking.nix b/networking.nix
index d12e1d3..cc2fc33 100644
--- a/networking.nix
+++ b/networking.nix
@@ -11,31 +11,32 @@
  table ip nat {
  chain PREROUTING {
  type nat hook prerouting priority dstnat; policy accept;
- iifname "enp3s0" tcp dport 80 dnat to 10.94.157.2:80
- iifname "enp3s0" tcp dport 443 dnat to 10.94.157.2:443
- iifname "enp3s0" tcp dport 20 dnat to 10.94.157.2:20
- iifname "enp3s0" tcp dport 21 dnat to 10.94.157.2:21
- iifname "enp3s0" tcp dport 22 dnat to 10.94.157.2:22
- iifname "enp3s0" tcp dport 990 dnat to 10.94.157.2:990
- iifname "enp3s0" tcp dport 989 dnat to 10.94.157.2:989
- iifname "enp3s0" tcp dport 445 dnat to 10.94.157.2:445
- iifname "enp3s0" tcp dport 111 dnat to 10.94.157.2:111
- iifname "enp3s0" udp dport 111 dnat to 10.94.157.2:111
- iifname "enp3s0" tcp dport 2049 dnat to 10.94.157.2:2049
- iifname "enp3s0" udp dport 2049 dnat to 10.94.157.2:2049
- iifname "enp3s0" tcp dport 32765 dnat to 10.94.157.2:32765
- iifname "enp3s0" udp dport 32765 dnat to 10.94.157.2:32765
- iifname "enp3s0" tcp dport 32768 dnat to 10.94.157.2:32768
- iifname "enp3s0" udp dport 32768 dnat to 10.94.157.2:32768
- iifname "enp3s0" tcp dport 20048 dnat to 10.94.157.2:20048
- iifname "enp3s0" udp dport 20048 dnat to 10.94.157.2:20048
+ iifname "enp4s0" tcp dport 80 dnat to 10.94.157.2:80
+ iifname "enp4s0" tcp dport 443 dnat to 10.94.157.2:443
+ iifname "enp4s0" tcp dport 20 dnat to 10.94.157.2:20
+ iifname "enp4s0" tcp dport 21 dnat to 10.94.157.2:21
+ iifname "enp4s0" tcp dport 22 dnat to 10.94.157.2:22
+ iifname "enp4s0" tcp dport 2223 dnat to 10.94.157.2:2223
+ iifname "enp4s0" tcp dport 990 dnat to 10.94.157.2:990
+ iifname "enp4s0" tcp dport 989 dnat to 10.94.157.2:989
+ iifname "enp4s0" tcp dport 445 dnat to 10.94.157.2:445
+ iifname "enp4s0" tcp dport 111 dnat to 10.94.157.2:111
+ iifname "enp4s0" udp dport 111 dnat to 10.94.157.2:111
+ iifname "enp4s0" tcp dport 2049 dnat to 10.94.157.2:2049
+ iifname "enp4s0" udp dport 2049 dnat to 10.94.157.2:2049
+ iifname "enp4s0" tcp dport 32765 dnat to 10.94.157.2:32765
+ iifname "enp4s0" udp dport 32765 dnat to 10.94.157.2:32765
+ iifname "enp4s0" tcp dport 32768 dnat to 10.94.157.2:32768
+ iifname "enp4s0" udp dport 32768 dnat to 10.94.157.2:32768
+ iifname "enp4s0" tcp dport 20048 dnat to 10.94.157.2:20048
+ iifname "enp4s0" udp dport 20048 dnat to 10.94.157.2:20048
  }
  }
  '';
  };
  firewall = {
- allowedTCPPorts = [ 80 443 20 21 22 990 989 445 111 2049 32765 32768 20048 ];
+ allowedTCPPorts = [ 80 443 20 21 22 2223 990 989 445 111 2049 32765 32768 20048 ];
  allowedUDPPorts = [ 111 2049 20048 32765 32768 ];
  };
@@ -70,6 +71,11 @@
  proto = "tcp";
  destination = "10.94.157.2:22";
  }
+ {
+ sourcePort = 2223;
+ proto = "tcp";
+ destination = "10.94.157.2:2223";
+ }
  {
  sourcePort = 990;
  proto = "tcp";
diff --git a/user/stormwind/master.nix b/user/stormwind/master.nix
index e266898..b1b67a7 100644
--- a/user/stormwind/master.nix
+++ b/user/stormwind/master.nix
@@ -34,8 +34,8 @@
  packages = with pkgs; [];
  openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN813v9B9Af6u3lvoPkcMzbh3/3gwRNLi58HCOjVLE0N''
  ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsZZ1qSy+cu1QMlPoZZ2ovv8G+4OIyI07/di68F7NtZ leon macbook''
- ''ssh-rsa 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 leon-macbook-key''
  ];
  };
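Review bot: The forwards for SMB (445), rpcbind (111), NFS (2049) with its helper ports (20048, 32765, 32768) and cleartext FTP (20, 21) in `chain PREROUTING` match only on `iifname "enp4s0"` and the destination port, so any host that can reach that interface is DNATed straight to those services on 10.94.157.2. If enp4s0 is the uplink, as the rule set suggests, these should be limited to known peers, e.g. `iifname "enp4s0" ip saddr <TRUSTED_CIDR> tcp dport { 111, 445, 2049, 20048, 32765, 32768 } dnat to 10.94.157.2` (`<TRUSTED_CIDR>` is a placeholder), or carried over a VPN instead. The same ports are also listed in `allowedTCPPorts` and `allowedUDPPorts` under `firewall`, which looks like it opens them on this host as well as forwarding them; worth confirming that is intended. The ruleset string these rules sit in starts outside the hunk.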
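Review bot: Port 2223 is now declared in three places, this forward entry plus the raw `dnat` rule and `allowedTCPPorts` in the first hunk, and nothing says what listens on it. With three hand-maintained copies, a port dropped from one list can stay exposed through another; binding a single `forwardedTcpPorts` list in a `let` and generating all three from it would remove that drift. At minimum add a comment on the new entry, e.g. `# 2223/tcp: <service> on 10.94.157.2`, with the real service name filled in. The list this entry belongs to starts and ends outside the hunk.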
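Review bot: The added ed25519 key in `openssh.authorizedKeys.keys` has no comment field, while the key below it is labelled `leon macbook`, so nothing records whose key or which device is being granted login. Add the owner and device after the key material, e.g. `''ssh-ed25519 AAAA… <owner> <device>''` (placeholders), so the entry can be audited and revoked later. Separately, dropping the `ssh-rsa` line only removes the declaratively managed entry; if sshd on this host still reads `~/.ssh/authorized_keys`, a copy of that key there would keep working and should be checked. The user's attribute set starts outside the hunk.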