l retiolum: open configured tinc port

author: lassulus <lassulus@lassul.us> 2017-09-19 11:51:22 +0200
committer: lassulus <lassulus@lassul.us> 2017-09-19 11:58:46 +0200
commit: 2d1160c0623461ea94d2f573d114909b64ab2b4d (patch)
tree: a4c7aee1caa973f0fb4680be8339a66ed9e7c008 /lass
parent: c83cd3492a180e41c071e31ae8e4225b5c2083fc (diff)
2 files changed, 6 insertions, 5 deletions
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 25e8759b1..416edeb82 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -88,7 +88,6 @@
       };
       krebs.iptables.tables.filter.INPUT.rules = [
         { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
-        { predicate = "-p tcp --dport 993"; target = "ACCEPT"; }
       ];
     }
   ];
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index e7779f53e..fb76c5735 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -1,12 +1,14 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 
 {
 
   krebs.iptables = {
     tables = {
-      filter.INPUT.rules = [
-        { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
-        { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+      filter.INPUT.rules = let
+        tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
+      in [
+        { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
+        { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
       ];
     };
   };
author	lassulus <lassulus@lassul.us>	2017-09-19 11:51:22 +0200
committer	lassulus <lassulus@lassul.us>	2017-09-19 11:58:46 +0200
commit	2d1160c0623461ea94d2f573d114909b64ab2b4d (patch)
tree	a4c7aee1caa973f0fb4680be8339a66ed9e7c008 /lass
parent	c83cd3492a180e41c071e31ae8e4225b5c2083fc (diff)