Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/websites/lassulus.nix10
-rw-r--r--lass/2configs/websites/util.nix8
3 files changed, 16 insertions, 3 deletions
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index d1810c00c..2441f1b74 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -202,6 +202,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
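Review bot: The added `-p ipv6-icmp` rule accepts every ICMPv6 type on every interface, which is wider than the neighbour-discovery, path-MTU and error messages IPv6 needs to function. RFC 4890 lists which types to accept, drop or rate-limit; at minimum, document the choice with a comment such as `# ICMPv6: required for NDP and PMTUD; all types accepted, narrow per RFC 4890 on hosts facing untrusted networks`. The neighbouring `-p icmp` rule carries no `v6 = false`, so presumably it is still emitted into the IPv6 ruleset, where it matches nothing useful; confirm this against the iptables module. The rules list starts and ends outside the hunk.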
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 024d2eeb2..3a8979427 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -110,7 +110,10 @@ in {
'';
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
};
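Review bot: `listen [::]:80;` extends the plaintext listener to IPv6 on a vhost that sets `enableSSL = true`, and nothing visible in the hunk redirects port-80 requests to HTTPS, so the site presumably stays reachable unencrypted on both address families. Port 80 has to stay open for the ACME challenge (the `acme-challenges` root is visible in the next hunk), but it can be limited to that location with every other request answered by a redirect. The same applies to the second hunk of this file and to the first hunk of `util.nix`. The identical listen string is now written in five places, so a single shared binding would give one place to make that change. The vhost attribute set starts outside the hunk.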
@@ -123,7 +126,10 @@ in {
root /var/lib/acme/acme-challenges;
'';
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
};
diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix
index 6e236ab63..d596e9db9 100644
--- a/lass/2configs/websites/util.nix
+++ b/lass/2configs/websites/util.nix
@@ -17,7 +17,10 @@ rec {
services.nginx.virtualHosts.${domain} = {
enableACME = true;
enableSSL = true;
- extraConfig = "listen 80;";
+ extraConfig = ''
+ listen 80;
+ listen [::]:80;
+ '';
serverAliases = domains;
locations."/".extraConfig = ''
root /srv/http/${domain};
@@ -35,6 +38,7 @@ rec {
serverAliases = domains;
extraConfig = ''
listen 80;
+ listen [::]:80;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
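Review bot: The `Strict-Transport-Security` header below the added `listen [::]:80;` is emitted from a server block that also answers plain HTTP, now over IPv6 as well. Browsers ignore HSTS received over HTTP, and the `preload` token is only accepted by preload lists when port 80 redirects to HTTPS. The `extraConfig` string continues past the hunk, so a redirect may exist further down. If it does not, the port-80 listeners belong in a separate server block that redirects, leaving this block TLS-only. A comment such as `# port 80 kept for ACME only; HSTS below takes effect on the TLS listener` would at least record the intent.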
@@ -148,6 +152,8 @@ rec {
serverAliases = domains;
extraConfig = ''
listen 80;
+ listen [::]:80;
+
root /srv/http/${domain}/;
index index.php;
access_log /tmp/nginx_acc.log;
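Review bot: This vhost becomes reachable over IPv6 while its unchanged context line `access_log /tmp/nginx_acc.log;` still writes the request log to a fixed name in a world-writable directory. A predictable log path in `/tmp` can be pre-created or symlinked by any local user, and the log is presumably readable more widely than client addresses and request paths should be. Pointing `access_log` at a directory only the nginx user can write to would fix this. Note that `${domain}` does not appear in the file name, so every vhost built from this template appears to share the one log. The `extraConfig` string continues outside the hunk.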