From f203f1ccf538955dbd81e9a81b4cb9da520a9afa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= <asbjorn@labitat.dk>
Date: Sat, 3 Nov 2018 18:41:56 +0000
Subject: space_server: add spacebrain.labitat.dk

---
 roles/space_server/files/networkd/network/10-lan20.network |  4 ++++
 roles/space_server/files/nftables/nftables.conf            | 14 ++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/roles/space_server/files/networkd/network/10-lan20.network b/roles/space_server/files/networkd/network/10-lan20.network
index b30caa4..06b1ff1 100644
--- a/roles/space_server/files/networkd/network/10-lan20.network
+++ b/roles/space_server/files/networkd/network/10-lan20.network
@@ -17,3 +17,7 @@ EmitLLDP=no
 [Route]
 Destination=2a01:4262:1ab::cafe/128
 Gateway=2a01:4262:1ab:20::5
+
+[Route]
+Destination=2a01:4262:1ab::db/128
+Gateway=2a01:4262:1ab:20::6
diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf
index d33a7bf..5f2f1b3 100644
--- a/roles/space_server/files/nftables/nftables.conf
+++ b/roles/space_server/files/nftables/nftables.conf
@@ -6,6 +6,12 @@ define labitat = 185.38.172.72
 define spacewand4 = 185.38.175.70
 define spacewand6 = 2a01:4262:1ab::cafe
 
+define spacebrain4 = 185.38.175.69
+define spacebrain6 = 2a01:4262:1ab::db
+
+define labservers4 = { $spacewand4, $spacebrain4 }
+define labservers6 = { $spacewand6, $spacebrain6 }
+
 # internal stuff
 define ext_if    = wan
 define ext_ip4   = 185.38.175.0
@@ -102,8 +108,8 @@ table ip filter {
 		ct state established,related accept
 		ct state invalid drop
 
-		# accept all traffic to spacewand
-		ip daddr $spacewand4 accept
+		# accept all traffic to Labitat servers
+		ip daddr $labservers4 accept
 
 		ip saddr $labitat udp dport 161 counter accept # traffic stats
 
@@ -164,8 +170,8 @@ table ip6 filter {
 		ct state established,related accept
 		ct state invalid drop
 
-		# accept all traffic to spacewand
-		ip6 daddr $spacewand6 accept
+		# accept all traffic to Labitat servers
+		ip6 daddr $labservers6 accept
 
 		iif $wire_if ip6 saddr $wire_net6 accept
 		iif $priv_if ip6 saddr $priv_net6 accept
-- 
cgit v1.2.1