diff options
-rw-r--r-- | 1systems/lass/cloudkrebs.nix | 13 | ||||
-rw-r--r-- | 1systems/lass/mors.nix | 14 | ||||
-rw-r--r-- | 1systems/lass/uriel.nix | 14 | ||||
-rw-r--r-- | 2configs/lass/retiolum.nix | 29 |
4 files changed, 32 insertions, 38 deletions
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix index dc27affe7..53e23dbee 100644 --- a/1systems/lass/cloudkrebs.nix +++ b/1systems/lass/cloudkrebs.nix @@ -5,6 +5,7 @@ ../../2configs/tv/CAC-Developer-2.nix ../../2configs/tv/CAC-CentOS-7-64bit.nix ../../2configs/lass/base.nix + ../../2configs/lass/retiolum.nix { networking.interfaces.enp2s1.ip4 = [ { @@ -19,18 +20,6 @@ } { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } - { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { enable = true; diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix index 7e70be8c4..dacf7668e 100644 --- a/1systems/lass/mors.nix +++ b/1systems/lass/mors.nix @@ -20,19 +20,7 @@ ../../2configs/lass/chromium-patched.nix ../../2configs/lass/git-repos.nix ../../2configs/tv/synaptics.nix - ../../2configs/tv/exim-retiolum.nix - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } + ../../2configs/lass/retiolum.nix { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix index a5a0833dc..7a5da23e1 100644 --- a/1systems/lass/uriel.nix +++ b/1systems/lass/uriel.nix @@ -12,19 +12,7 @@ with builtins; ../../2configs/lass/bird.nix ../../2configs/lass/git-repos.nix ../../2configs/lass/chromium-patched.nix - ../../2configs/tv/exim-retiolum.nix - { - imports = [ ../../3modules/tv/retiolum.nix ]; - tv.retiolum = { - enable = true; - hosts = ../../Zhosts; - connectTo = [ - "fastpoke" - "gum" - "pigstarter" - ]; - }; - } + ../../2configs/lass/retiolum.nix { imports = [ ../../3modules/tv/identity.nix ]; tv.identity = { diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix new file mode 100644 index 000000000..d1389ad2a --- /dev/null +++ b/2configs/lass/retiolum.nix @@ -0,0 +1,29 @@ +{ ... }: + +{ + imports = [ + ../../3modules/lass/iptables.nix + ../../3modules/tv/retiolum.nix + ../../2configs/tv/exim-retiolum.nix + ]; + + lass.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; } + { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; } + { predicate = "-p udp --dport tinc"; target = "ACCEPT"; } + ]; + }; + }; + + tv.retiolum = { + enable = true; + hosts = ../../Zhosts; + connectTo = [ + "fastpoke" + "cloudkrebs" + "pigstarter" + ]; + }; +} |