From 2d1160c0623461ea94d2f573d114909b64ab2b4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 19 Sep 2017 11:51:22 +0200 Subject: l retiolum: open configured tinc port --- lass/1systems/dishfire/config.nix | 1 - lass/2configs/retiolum.nix | 10 ++++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix index 25e8759b1..416edeb82 100644 --- a/lass/1systems/dishfire/config.nix +++ b/lass/1systems/dishfire/config.nix @@ -88,7 +88,6 @@ }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 993"; target = "ACCEPT"; } ]; } ]; diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix index e7779f53e..fb76c5735 100644 --- a/lass/2configs/retiolum.nix +++ b/lass/2configs/retiolum.nix @@ -1,12 +1,14 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { krebs.iptables = { tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } - { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + filter.INPUT.rules = let + tincport = toString config.krebs.build.host.nets.retiolum.tinc.port; + in [ + { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; } + { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; } ]; }; }; -- cgit v1.2.3