authorJoey Hess2017-07-26 13:13:32 -0400
committerJoey Hess2017-07-26 13:13:32 -0400
commit4b148a2c29a78cc07930d665283e5691a5d2156d (patch)
treed8fe0c86d9b51a966df7b256fb1c2c4d3f67108a /src/Propellor/Property/SiteSpecific/JoeySites.hs
parentfb1c34c78c3f2b248fea5be17df7295987953f88 (diff)
propellor spin
Diffstat (limited to 'src/Propellor/Property/SiteSpecific/JoeySites.hs')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 6e0d6c4e..499409e0 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -929,3 +929,22 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer
& Systemd.started "goodmorning.timer"
& "/etc/systemd/logind.conf" `ConfFile.containsIniSetting`
("Login", "LidSwitchIgnoreInhibited", "no")
+
+-- | Enable IP masqerading, from the intif to the extif.
+ipmasq :: String -> String -> Property DebianLike
+ipmasq extif intif = script `File.hasContent`
+ [ "#!/bin/sh"
+ , "EXTIF=" ++ extif
+ , "INTIF=" ++ intif
+ , "if [ \"$IFACE\" != $EXTIF; then"
+ , "exit 0"
+ , "fi"
+ , "iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ , "iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT"
+ , "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE"
+ , "echo 1 > /proc/sys/net/ipv4/ip_forward"
+ ]
+ `requires` Apt.installed ["iptables"]
+ `before` (script `File.mode` combineModes (readModes ++ executeModes))
+ where
+ script = "/etc/network/if-up.d/ipmasq"
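Review bot: The generated shell test in `ipmasq` is missing its closing bracket (`"if [ \"$IFACE\" != $EXTIF; then"`), so `[` should fail with a "missing ]" error and the early `exit 0` is never taken. The guard therefore fails open: the FORWARD and MASQUERADE rules are appended and `ip_forward` is enabled whenever any interface comes up, not only the external one. I would change the line to `, "if [ \"$IFACE\" != \"$EXTIF\" ]; then"`, which also quotes the variable so an empty or unusual interface name cannot break the test. Because the rules use `iptables -A`, each repeated if-up event also adds duplicate rules; a comment noting that, or an `iptables -C` check before each append, would make the script idempotent. The Haddock comment also misspells "masquerading".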