3 files changed, 5 insertions, 2 deletions

diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index 4b99873a1..bb06a9388 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -124,7 +124,7 @@ let
 
       buildRule = tn: cn: rule:
         #target validation test:
-        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target;
+        assert (elem rule.target ([ "ACCEPT" "REJECT" "DROP" "QUEUE" "LOG" "RETURN" ] ++ (attrNames ts."${tn}"))) || hasPrefix "REDIRECT" rule.target || hasPrefix "DNAT" rule.target;
 
         #predicate validation test:
         #maybe use iptables-test
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 03e067f35..65da85ac4 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -311,5 +311,8 @@ with config.krebs.lib;
       pubkey = builtins.readFile ./ssh/shodan.rsa;
       pgp.pubkeys.default = builtins.readFile ./pgp/shodan.pgp;
     };
+    fritz = {
+      pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz34435NSXgj72YAOL4cIlRq/4yInKEyL9no+gymURoW5x1nkYpP0EK331e7UyQQSOdWOogRo6d7YHcFqNlYWv5xlYcHucIhgJwC4Zda1liVA+v7tSOJz2BjmFvOT3/qlcPS69f3zdLHZooz2C33uHX1FgGRXlxiA8dpqGnSr8o76QLZjuQkuDqr8reOspjO/RHCo2Moq0Xm5q9OgN1WLAZzupqt9A5lx567mRzYsRAr23pUxVN8T/tSCgDlPe4ktEjYX9CXLKfMyh9WuBVi+AuH4GFEWBT+AMpsHeF45w+w956x56mz0F5nYOQNK87gFr+Jr+mh2AF1ot2CxzrfTb fritz@scriptkiddiT540";
+    };
   };
 }
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 6af93a570..fc7fcca6f 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -119,7 +119,7 @@ let
 
   to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
     server {
-      server_name ${toString server-names};
+      server_name ${toString (unique server-names)};
       ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
       ${optionalString ssl.enable (indent ''
         listen 443 ssl;