| -rw-r--r-- | 1systems/lass/cloudkrebs.nix | 13 | ||||
| -rw-r--r-- | 1systems/lass/mors.nix | 14 | ||||
| -rw-r--r-- | 1systems/lass/uriel.nix | 14 | ||||
| -rw-r--r-- | 2configs/lass/retiolum.nix | 29 | 
4 files changed, 32 insertions, 38 deletions
|
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix
index dc27affe7..53e23dbee 100644
--- a/1systems/lass/cloudkrebs.nix
+++ b/1systems/lass/cloudkrebs.nix
@@ -5,6 +5,7 @@
     ../../2configs/tv/CAC-Developer-2.nix
     ../../2configs/tv/CAC-CentOS-7-64bit.nix
     ../../2configs/lass/base.nix
+    ../../2configs/lass/retiolum.nix
     {
       networking.interfaces.enp2s1.ip4 = [
         {
@@ -19,18 +20,6 @@
     }
     {
-      imports = [ ../../3modules/tv/retiolum.nix ];
-      tv.retiolum = {
-        enable = true;
-        hosts = ../../Zhosts;
-        connectTo = [
-          "fastpoke"
-          "gum"
-          "pigstarter"
-        ];
-      };
-    }
-    {
       imports = [ ../../3modules/tv/identity.nix ];
       tv.identity = {
         enable = true;
diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix
index 7e70be8c4..dacf7668e 100644
--- a/1systems/lass/mors.nix
+++ b/1systems/lass/mors.nix
@@ -20,19 +20,7 @@
     ../../2configs/lass/chromium-patched.nix
     ../../2configs/lass/git-repos.nix
     ../../2configs/tv/synaptics.nix
-    ../../2configs/tv/exim-retiolum.nix
-    {
-      imports = [ ../../3modules/tv/retiolum.nix ];
-      tv.retiolum = {
-        enable = true;
-        hosts = ../../Zhosts;
-        connectTo = [
-          "fastpoke"
-          "gum"
-          "pigstarter"
-        ];
-      };
-    }
+    ../../2configs/lass/retiolum.nix
     {
       imports = [ ../../3modules/tv/identity.nix ];
       tv.identity = {
diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix
index a5a0833dc..7a5da23e1 100644
--- a/1systems/lass/uriel.nix
+++ b/1systems/lass/uriel.nix
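Review bot: The added `../../2configs/lass/retiolum.nix` import in the first cloudkrebs.nix hunk is not a like-for-like replacement for the block removed in the second hunk. The shared file also imports `../../2configs/tv/exim-retiolum.nix` and accepts tcp/smtp in `filter.INPUT`, neither of which the removed cloudkrebs block contained, so unless this host already pulls exim in outside the visible lines it gains a mail service and an open port as a side effect. The shared `connectTo` also names `"cloudkrebs"`, so this host would list itself as a peer unless `3modules/tv/retiolum.nix` filters out the local name. I would keep `../../2configs/tv/exim-retiolum.nix` in the mors.nix and uriel.nix import lists as before and leave the shared file to tinc only, or state in the commit message that cloudkrebs is meant to run exim.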
@@ -12,19 +12,7 @@ with builtins;
     ../../2configs/lass/bird.nix
     ../../2configs/lass/git-repos.nix
     ../../2configs/lass/chromium-patched.nix
-    ../../2configs/tv/exim-retiolum.nix
-    {
-      imports = [ ../../3modules/tv/retiolum.nix ];
-      tv.retiolum = {
-        enable = true;
-        hosts = ../../Zhosts;
-        connectTo = [
-          "fastpoke"
-          "gum"
-          "pigstarter"
-        ];
-      };
-    }
+    ../../2configs/lass/retiolum.nix
     {
       imports = [ ../../3modules/tv/identity.nix ];
       tv.identity = {
diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix
new file mode 100644
index 000000000..d1389ad2a
--- /dev/null
+++ b/2configs/lass/retiolum.nix
@@ -0,0 +1,29 @@
+{ ... }:
+
+{
+  imports = [
+    ../../3modules/lass/iptables.nix
+    ../../3modules/tv/retiolum.nix
+    ../../2configs/tv/exim-retiolum.nix
+  ];
+
+  lass.iptables = {
+    tables = {
+      filter.INPUT.rules = [
+        { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+        { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+        { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+      ];
+    };
+  };
+
+  tv.retiolum = {
+    enable = true;
+    hosts = ../../Zhosts;
+    connectTo = [
+      "fastpoke"
+      "cloudkrebs"
+      "pigstarter"
+    ];
+  };
+}
|
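Review bot: The `--dport smtp` rule in `filter.INPUT.rules` of the new 2configs/lass/retiolum.nix has no interface or source match, so port 25 is accepted on every interface of every host that imports this file, while the exim config imported next to it is, going by its name, meant for mail inside retiolum. Scoping the rule to the tinc interface keeps the firewall from exposing the MTA on a public address, e.g. `{ predicate = "-i retiolum -p tcp --dport smtp"; target = "ACCEPT"; }` (interface name assumed; confirm against 3modules/tv/retiolum.nix). The two tinc rules legitimately need to stay reachable from outside. Separately, `connectTo` here swaps `"gum"` from the three removed per-host blocks for `"cloudkrebs"`; a comment such as `# gum dropped as bootstrap peer, cloudkrebs added` would record that the peer change is deliberate and not a copy slip.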
