From 1136c6b10e3d12835ef796a031103b78d278f2c0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 10 Nov 2015 18:53:31 +0100
Subject: [PATCH] m 1 gum:update firewall

---
 1systems/gum.nix | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/1systems/gum.nix b/1systems/gum.nix
index a028145..3a01022 100644
--- a/1systems/gum.nix
+++ b/1systems/gum.nix
@@ -13,18 +13,36 @@ in {
       # ../2configs/iodined.nix
 
   ];
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.splashImage = null;
-  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
-  boot.kernelModules = [ "kvm-intel" ];
+
   krebs.build.target = "root@gum.krebsco.de";
   krebs.build.host = config.krebs.hosts.gum;
 
+  # Hardware
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "pata_via" "uhci_hcd" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  # Network
+
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="c8:0a:a9:c8:ee:dd", NAME="et0"
   '';
   networking = {
-    firewall.allowPing = true;
+  firewall = {
+      allowPing = true;
+      allowedTCPPorts = [
+        # smtp
+        25
+        # http
+        80 443
+        # tinc
+        655
+      ];
+      allowedUDPPorts = [
+        # tinc
+        655 53
+      ];
+    };
     interfaces.et0.ip4 = [{
       address = external-ip;
       prefixLength = 24;
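Review bot: The `allowedUDPPorts` list opens `53` under the `# tinc` comment, but only 655 belongs to tinc; UDP 53 is a DNS listener exposed on the public interface, and neither the hunk nor the commit message says what service answers on it, so the entry should get its own label, `# tinc` / `655` / `# dns` / `53`, and whatever listens there should be confirmed to be non-recursive or restricted to known clients, since an open recursive resolver on a public host can be abused for reflection. Separately, `firewall = {` is indented two spaces while the sibling `interfaces.et0.ip4` is at four, which reads as if firewall had left the `networking` set. The removed `boot.loader.grub.splashImage = null;` is not re-added in the new `# Hardware` block, which looks unintentional unless the default was wanted. The `networking = {` attrset continues past the end of the hunk.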