From d80f9c1f7efa219f45058771d2ae319b6bfaf7a2 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 22 Jun 2015 15:24:09 +0200 Subject: tv: modularize iptables configuration --- modules/rmdir/default.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'modules/rmdir/default.nix') diff --git a/modules/rmdir/default.nix b/modules/rmdir/default.nix index e514e5d..9879fad 100644 --- a/modules/rmdir/default.nix +++ b/modules/rmdir/default.nix @@ -8,7 +8,6 @@ in imports = [ - ./iptables.nix ./networking.nix ./users.nix ../common/nixpkgs.nix @@ -18,6 +17,22 @@ in ../tv/git/public.nix ../tv/retiolum.nix ../tv/sanitize.nix + { + imports = [ ../tv/iptables ]; + tv.iptables = { + enable = true; + input-internet-accept-new-tcp = [ + "ssh" + "tinc" + "smtp" + "xmpp-client" + "xmpp-server" + ]; + input-retiolum-accept-new-tcp = [ + "http" + ]; + }; + } ]; nix.maxJobs = 1; -- cgit v1.2.3
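Review bot: The added `tv.iptables` block in the second hunk lists only new TCP connections to accept, and nothing visible here shows how UDP, ICMP or IPv6 are handled once `./iptables.nix` is dropped from `imports` in the first hunk. tinc normally uses UDP as well as TCP on its port, so confirm that `../tv/iptables` (not part of this diff) still permits it and that anything not listed is dropped by default for both iptables and ip6tables. I would also add a comment above `input-internet-accept-new-tcp`, for example `# reachable from the internet; http is accepted on retiolum only`, so a later edit does not widen the internet-facing set unnoticed. The `imports` list opens in the first hunk and the module body continues past the end of the second, so the rest of the host configuration cannot be checked from here.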