From ca1d6b3588395f3e940fcaefc0914777db33ca38 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Mon, 28 Nov 2016 13:06:00 +0100
Subject: l 3 iptables: set defaults correctly

---
 krebs/3modules/iptables.nix | 30 +++++------------------------------
 1 file changed, 5 insertions(+), 25 deletions(-)
 (limited to 'krebs/3modules')

diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index a4a4de6f9..09b493c20 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -29,9 +29,10 @@ let
 tables = mkOption {
 type = with types; attrsOf (attrsOf (submodule ({
 options = {
+ #TODO: find out good defaults.
 policy = mkOption {
 type = str;
- default = "-";
+ default = "ACCEPT";
 };
 rules = mkOption {
 type = nullOr (listOf (submodule ({
@@ -133,30 +134,9 @@ let
 #=====
 rules = iptables-version:
- let
- #TODO: find out good defaults.
- tables-defaults = {
- nat.PREROUTING.policy = "ACCEPT";
- nat.INPUT.policy = "ACCEPT";
- nat.OUTPUT.policy = "ACCEPT";
- nat.POSTROUTING.policy = "ACCEPT";
- filter.INPUT.policy = "ACCEPT";
- filter.FORWARD.policy = "ACCEPT";
- filter.OUTPUT.policy = "ACCEPT";
-
- #if someone specifies any other rules on this chain, the default rules get lost.
- #is this wanted beahiviour or a bug?
- #TODO: implement abstraction of rules
- filter.INPUT.rules = [
- { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
- ];
- };
- tables = tables-defaults // cfg.tables;
-
- in
- pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
- ${buildTables iptables-version tables}
- '';
+ pkgs.writeText "krebs-iptables-rules${iptables-version}" ''
+ ${buildTables iptables-version cfg.tables}
+ '';
 startScript = pkgs.writeDash "krebs-iptables_start" ''
 set -euf
-- 
cgit v1.2.3

From 61c38e4c2dca1c55d80b87bc7c09b00337ca9f38 Mon Sep 17 00:00:00 2001
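Review bot: `default = "ACCEPT"` now applies to every chain declared under `tables`, including user-defined chains, for which iptables-restore accepts only `-` in the policy field (a policy can be set on built-in chains only), so a host that declares a custom chain without overriding `policy` would presumably fail to load its ruleset. The previous `-` default was valid for both kinds of chain, and the removed `tables-defaults` applied ACCEPT only to the built-in chain names. Consider keeping `-` as the default and applying ACCEPT to built-in chains only, or at minimum documenting the constraint on the option, e.g. `description = "Chain policy; user-defined chains must use -";`. Defaulting built-in chains to ACCEPT also means a chain declared with rules but no explicit policy fails open, which the `#TODO` added here should say. The `tables` option definition continues outside the hunk.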
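Review bot: With the `tables-defaults` merge gone, nothing in `rules` provides the `RELATED,ESTABLISHED` ACCEPT rule the old defaults placed in `filter.INPUT`, and the commit message mentions only defaults, not the removal of that rule. Hosts that already define `filter` lost it before this change too, because the removed `//` merge was shallow (as the removed comment notes), so the practical change is limited to hosts that left `filter` unset; those now depend entirely on what `buildTables` does for undeclared chains, which is outside the hunk. A one-line comment on the new `rules` body, such as `# no implicit chains or rules: everything comes from cfg.tables`, would make that contract explicit.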
From: lassulus
Date: Thu, 1 Dec 2016 16:57:29 +0100
Subject: k 3: remove Mic92 from eloop-ml

---
 krebs/3modules/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 (limited to 'krebs/3modules')

diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 7f5d2c7bd..bf09b7424 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -155,14 +155,13 @@ let
 to = concatMapStringsSep "," (getAttr "mail") (toList to);
 };
 in mapAttrsToList format (with config.krebs.users; let
- eloop-ml = spam-ml ++ [ ciko Mic92 ];
+ eloop-ml = spam-ml ++ [ ciko ];
 spam-ml = [ lass makefu tv ];
 ciko.mail = "wieczorek.stefan@gmail.com";
- Mic92.mail = "joerg@higgsboson.tk";
 in {
 "anmeldung@eloop.org" = eloop-ml;
 "cfp@eloop.org" = eloop-ml;
-- 
cgit v1.2.3