m 1,2 : wry serves as iodine entry point

3 files changed, 22 insertions, 4 deletions

diff --git a/makefu/1systems/wry.nix b/makefu/1systems/wry.nix
index 03b19d1c..a7ed93c4 100644
--- a/makefu/1systems/wry.nix
+++ b/makefu/1systems/wry.nix
@@ -11,6 +11,8 @@ in {
       ../2configs/base-sources.nix
       ../2configs/tinc-basic-retiolum.nix
 
+      ../2configs/iodined.nix
+
       # Reaktor
       ../2configs/Reaktor/simpleExtend.nix
   ];
@@ -46,7 +48,7 @@ in {
     hostnames_anonymous = [ "graphs.krebsco.de" ];
   };
 
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
 
   krebs.build = {
     user = config.krebs.users.makefu;
diff --git a/makefu/2configs/base-sources.nix b/makefu/2configs/base-sources.nix
index 826cd6fe..7e6bebec 100644
--- a/makefu/2configs/base-sources.nix
+++ b/makefu/2configs/base-sources.nix
@@ -3,9 +3,9 @@
 {
   krebs.build.source = {
     git.nixpkgs = {
-      url = https://github.com/NixOS/nixpkgs;
-      #url = https://github.com/makefu/nixpkgs;
-      rev = "dc18f39bfb2f9d1ba62c7e8ad98544bb15cb26b2"; # nixos-15.09
+      #url = https://github.com/NixOS/nixpkgs;
+      url = https://github.com/makefu/nixpkgs;
+      rev = "78340b042463fd35caa587b0db2e400e5666dbe1"; # nixos-15.09 + cherry-picked iodine
     };
 
     dir.secrets = {
diff --git a/makefu/2configs/iodined.nix b/makefu/2configs/iodined.nix
new file mode 100644
index 00000000..db8a1bfe
--- /dev/null
+++ b/makefu/2configs/iodined.nix
@@ -0,0 +1,16 @@
+{ services,builtins,environment,pkgs, ... }:
+
+let
+  # TODO: make this a parameter
+  domain = "io.krebsco.de";
+  pw = import <secrets/iodinepw.nix>;
+in {
+
+  services.iodined = {
+    enable = true;
+    domain = domain;
+    ip = "172.16.10.1/24";
+    extraConfig = "-P ${pw}";
+  };
+
+}