From 8acf89ffdb51e4727abe7538c89f854329ef7fa3 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Wed, 15 Sep 2021 21:23:29 +0200
Subject: [PATCH] l prism.r: add docker workaround for mumble-web firewall

---
 lass/1systems/prism/config.nix | 1 +
 lass/2configs/docker.nix       | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 lass/2configs/docker.nix

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 3a6ab25a4..d43fb804a 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -277,6 +277,7 @@ with import <stockholm/lib>;
       ];
     }
     <stockholm/lass/2configs/murmur.nix>
+    <stockholm/lass/2configs/docker.nix>
     {
       systemd.services."container@yellow".reloadIfChanged = mkForce false;
       containers.yellow = {
diff --git a/lass/2configs/docker.nix b/lass/2configs/docker.nix
new file mode 100644
index 000000000..2bc3a2361
--- /dev/null
+++ b/lass/2configs/docker.nix
@@ -0,0 +1,6 @@
+{ pkgs, lib, config, ... }:
+{
+  systemd.services.krebs-iptables.serviceConfig.ExecStartPost = pkgs.writeDash "kick_docker" ''
+    ${pkgs.systemd}/bin/systemctl restart docker.service
+  '';
+}