cd: redistribute iptable rules

author: tv <tv@krebsco.de> 2016-02-01 17:56:10 +0100
committer: tv <tv@krebsco.de> 2016-02-01 17:56:10 +0100
commit: 0c1a2d11b18c73ddc7fdb429e0d09dcffa3906f8 (patch)
tree: 284d22bc2245539e64df28107407ab4e6b2f437b
parent: b58f37ce3833b7800c0a9ec83367dc888ea571b3 (diff)
1 files changed, 5 insertions, 15 deletions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index 1d9457600..27e94aef0 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -31,6 +31,10 @@ with lib;
         enable = true;
         hosts = [ "jabber.viljetic.de" ];
       };
+      tv.iptables.input-internet-accept-new-tcp = [
+        "xmpp-client"
+        "xmpp-server"
+      ];
     }
     {
       krebs.github-hosts-sync.enable = true;
@@ -38,19 +42,6 @@ with lib;
         singleton config.krebs.github-hosts-sync.port;
     }
     {
-      tv.iptables = {
-        enable = true;
-        input-internet-accept-new-tcp = [
-          "xmpp-client"
-          "xmpp-server"
-        ];
-        input-retiolum-accept-new-tcp = [
-          "http"
-        ];
-      };
-    }
-    {
-      tv.iptables.input-internet-accept-new-tcp = singleton "http";
       krebs.nginx.servers.cgit.server-names = [
         "cgit.cd.krebsco.de"
         "cgit.cd.viljetic.de"
@@ -62,8 +53,6 @@ with lib;
           alias /home/$1/public_html$2;
         '');
       };
-    }
-    {
       krebs.nginx.servers.viljetic = {
         server-names = singleton "viljetic.de";
         # TODO directly set root (instead via location)
@@ -71,6 +60,7 @@ with lib;
           root ${pkgs.viljetic-pages};
         '');
       };
+      tv.iptables.input-internet-accept-new-tcp = singleton "http";
     }
   ];
author	tv <tv@krebsco.de>	2016-02-01 17:56:10 +0100
committer	tv <tv@krebsco.de>	2016-02-01 17:56:10 +0100
commit	0c1a2d11b18c73ddc7fdb429e0d09dcffa3906f8 (patch)
tree	284d22bc2245539e64df28107407ab4e6b2f437b
parent	b58f37ce3833b7800c0a9ec83367dc888ea571b3 (diff)