cd: redistribute iptable rules

author: tv <tv@krebsco.de> 2016-02-01 17:56:10 +0100
committer: tv <tv@krebsco.de> 2016-02-01 17:56:10 +0100
commit: b46ae14ab1eb05060a1af44cc04ea94499d605e5 (patch)
tree: f9a7262fe78835101af9b615ed64b5deef06bf41
parent: eda65468603c6f3370840274efdcdf14f42d82f2 (diff)
1 files changed, 5 insertions, 15 deletions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 1d94576..27e94ae 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -31,6 +31,10 @@ with lib;
         enable = true;
         hosts = [ "jabber.viljetic.de" ];
       };
+      tv.iptables.input-internet-accept-new-tcp = [
+        "xmpp-client"
+        "xmpp-server"
+      ];
     }
     {
       krebs.github-hosts-sync.enable = true;
@@ -38,19 +42,6 @@ with lib;
         singleton config.krebs.github-hosts-sync.port;
     }
     {
-      tv.iptables = {
-        enable = true;
-        input-internet-accept-new-tcp = [
-          "xmpp-client"
-          "xmpp-server"
-        ];
-        input-retiolum-accept-new-tcp = [
-          "http"
-        ];
-      };
-    }
-    {
-      tv.iptables.input-internet-accept-new-tcp = singleton "http";
       krebs.nginx.servers.cgit.server-names = [
         "cgit.cd.krebsco.de"
         "cgit.cd.viljetic.de"
@@ -62,8 +53,6 @@ with lib;
           alias /home/$1/public_html$2;
         '');
       };
-    }
-    {
       krebs.nginx.servers.viljetic = {
         server-names = singleton "viljetic.de";
         # TODO directly set root (instead via location)
@@ -71,6 +60,7 @@ with lib;
           root ${pkgs.viljetic-pages};
         '');
       };
+      tv.iptables.input-internet-accept-new-tcp = singleton "http";
     }
   ];
author	tv <tv@krebsco.de>	2016-02-01 17:56:10 +0100
committer	tv <tv@krebsco.de>	2016-02-01 17:56:10 +0100
commit	b46ae14ab1eb05060a1af44cc04ea94499d605e5 (patch)
tree	f9a7262fe78835101af9b615ed64b5deef06bf41
parent	eda65468603c6f3370840274efdcdf14f42d82f2 (diff)