summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lass/1systems/dishfire/config.nix1
-rw-r--r--lass/2configs/retiolum.nix10
2 files changed, 6 insertions, 5 deletions
diff --git a/lass/1systems/dishfire/config.nix b/lass/1systems/dishfire/config.nix
index 25e8759b1..416edeb82 100644
--- a/lass/1systems/dishfire/config.nix
+++ b/lass/1systems/dishfire/config.nix
@@ -88,7 +88,6 @@
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
- { predicate = "-p tcp --dport 993"; target = "ACCEPT"; }
];
}
];
diff --git a/lass/2configs/retiolum.nix b/lass/2configs/retiolum.nix
index e7779f53e..fb76c5735 100644
--- a/lass/2configs/retiolum.nix
+++ b/lass/2configs/retiolum.nix
@@ -1,12 +1,14 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
{
krebs.iptables = {
tables = {
- filter.INPUT.rules = [
- { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
- { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ filter.INPUT.rules = let
+ tincport = toString config.krebs.build.host.nets.retiolum.tinc.port;
+ in [
+ { predicate = "-p tcp --dport ${tincport}"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport ${tincport}"; target = "ACCEPT"; }
];
};
};