tv: modularize iptables configuration

author: tv <tv@shackspace.de> 2015-06-22 15:24:09 +0200
committer: tv <tv@shackspace.de> 2015-06-22 15:24:09 +0200
commit: 53305dc496f7f15504a8ef2f1f9511fb0b2f78ab (patch)
tree: 273daca78a42d1f8d8ef4bd5ef6ea33598bfc618 /modules/cd/default.nix
parent: 1538630782ac8c56d549af4fcac4c9abcba8c9c5 (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/modules/cd/default.nix b/modules/cd/default.nix
index 6884c67f..21d9565f 100644
--- a/modules/cd/default.nix
+++ b/modules/cd/default.nix
@@ -8,7 +8,6 @@ in
   imports =
     [
       <secrets/hashedPasswords.nix>
-      ./iptables.nix
       ./networking.nix
       ./users.nix
       ../common/nixpkgs.nix
@@ -19,6 +18,22 @@ in
       ../tv/git/public.nix
       ../tv/retiolum.nix
       ../tv/sanitize.nix
+      {
+        imports = [ ../tv/iptables ];
+        tv.iptables = {
+          enable = true;
+          input-internet-accept-new-tcp = [
+            "ssh"
+            "tinc"
+            "smtp"
+            "xmpp-client"
+            "xmpp-server"
+          ];
+          input-retiolum-accept-new-tcp = [
+            "http"
+          ];
+        };
+      }
     ];
 
   # "Developer 2" plan has two vCPUs.
author	tv <tv@shackspace.de>	2015-06-22 15:24:09 +0200
committer	tv <tv@shackspace.de>	2015-06-22 15:24:09 +0200
commit	53305dc496f7f15504a8ef2f1f9511fb0b2f78ab (patch)
tree	273daca78a42d1f8d8ef4bd5ef6ea33598bfc618 /modules/cd/default.nix
parent	1538630782ac8c56d549af4fcac4c9abcba8c9c5 (diff)