-rw-r--r--1systems/lass/cloudkrebs.nix13
-rw-r--r--1systems/lass/mors.nix14
-rw-r--r--1systems/lass/uriel.nix14
-rw-r--r--2configs/lass/retiolum.nix29
4 files changed, 32 insertions, 38 deletions
diff --git a/1systems/lass/cloudkrebs.nix b/1systems/lass/cloudkrebs.nix
index dc27affe7..53e23dbee 100644
--- a/1systems/lass/cloudkrebs.nix
+++ b/1systems/lass/cloudkrebs.nix
@@ -5,6 +5,7 @@
../../2configs/tv/CAC-Developer-2.nix
../../2configs/tv/CAC-CentOS-7-64bit.nix
../../2configs/lass/base.nix
+ ../../2configs/lass/retiolum.nix
{
networking.interfaces.enp2s1.ip4 = [
{
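Review bot: Importing `../../2configs/lass/retiolum.nix` on cloudkrebs makes this host list itself as a peer, because the shared `connectTo` in that file contains `"cloudkrebs"`. The peer list should either stay per-host or be overridden here, for example by setting `tv.retiolum.connectTo` on this host with `lib.mkForce` (if `lib` is in scope in this file). The import also changes more than the refactoring suggests: the block removed in the next hunk only pulled in `3modules/tv/retiolum.nix`, so cloudkrebs newly gains `2configs/tv/exim-retiolum.nix` and an SMTP ACCEPT rule. If this is an internet-facing machine, as the CAC imports suggest, confirm that a mail listener and an open port 25 are intended. The imports list starts above the hunk.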
@@ -19,18 +20,6 @@
}
{
- imports = [ ../../3modules/tv/retiolum.nix ];
- tv.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "fastpoke"
- "gum"
- "pigstarter"
- ];
- };
- }
- {
imports = [ ../../3modules/tv/identity.nix ];
tv.identity = {
enable = true;
diff --git a/1systems/lass/mors.nix b/1systems/lass/mors.nix
index 7e70be8c4..dacf7668e 100644
--- a/1systems/lass/mors.nix
+++ b/1systems/lass/mors.nix
@@ -20,19 +20,7 @@
../../2configs/lass/chromium-patched.nix
../../2configs/lass/git-repos.nix
../../2configs/tv/synaptics.nix
- ../../2configs/tv/exim-retiolum.nix
- {
- imports = [ ../../3modules/tv/retiolum.nix ];
- tv.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "fastpoke"
- "gum"
- "pigstarter"
- ];
- };
- }
+ ../../2configs/lass/retiolum.nix
{
imports = [ ../../3modules/tv/identity.nix ];
tv.identity = {
diff --git a/1systems/lass/uriel.nix b/1systems/lass/uriel.nix
index a5a0833dc..7a5da23e1 100644
--- a/1systems/lass/uriel.nix
+++ b/1systems/lass/uriel.nix
@@ -12,19 +12,7 @@ with builtins;
../../2configs/lass/bird.nix
../../2configs/lass/git-repos.nix
../../2configs/lass/chromium-patched.nix
- ../../2configs/tv/exim-retiolum.nix
- {
- imports = [ ../../3modules/tv/retiolum.nix ];
- tv.retiolum = {
- enable = true;
- hosts = ../../Zhosts;
- connectTo = [
- "fastpoke"
- "gum"
- "pigstarter"
- ];
- };
- }
+ ../../2configs/lass/retiolum.nix
{
imports = [ ../../3modules/tv/identity.nix ];
tv.identity = {
diff --git a/2configs/lass/retiolum.nix b/2configs/lass/retiolum.nix
new file mode 100644
index 000000000..d1389ad2a
--- /dev/null
+++ b/2configs/lass/retiolum.nix
@@ -0,0 +1,29 @@
+{ ... }:
+
+{
+ imports = [
+ ../../3modules/lass/iptables.nix
+ ../../3modules/tv/retiolum.nix
+ ../../2configs/tv/exim-retiolum.nix
+ ];
+
+ lass.iptables = {
+ tables = {
+ filter.INPUT.rules = [
+ { predicate = "-p tcp --dport smtp"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport tinc"; target = "ACCEPT"; }
+ { predicate = "-p udp --dport tinc"; target = "ACCEPT"; }
+ ];
+ };
+ };
+
+ tv.retiolum = {
+ enable = true;
+ hosts = ../../Zhosts;
+ connectTo = [
+ "fastpoke"
+ "cloudkrebs"
+ "pigstarter"
+ ];
+ };
+}
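Review bot: The three `filter.INPUT.rules` entries match on protocol and port only, so SMTP and tinc are accepted on every interface of every host that imports this file. tinc has to be reachable from outside the VPN, but if exim-retiolum is meant to carry mail only inside retiolum (the name suggests so; the file is not shown), the SMTP rule should be bound to the VPN interface, e.g. `{ predicate = "-i <tinc-interface> -p tcp --dport smtp"; target = "ACCEPT"; }`. The shared `connectTo` also replaces `"gum"` with `"cloudkrebs"` for mors and uriel, which is a behaviour change on top of the deduplication. A short comment above the list, such as `# peers every lass host dials; must not include the importing host itself`, would make that constraint visible.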