Merge pull request #12 from Mic92/nginx

deployment: configure firewall for nginx ingress

deployment/hosts/beherbergung-warhelp/configuration.nix

@@ -4,7 +4,6 @@
 
   networking.hostName = "beherbergung-warhelp";
 
-
   ## The next part is copied from https://github.com/Mic92/dotfiles/commit/be6b898e8fbd12716cce380d8f3889a926003990
 
   imports = [
@@ -19,6 +18,11 @@
   networking.useDHCP = false;
   networking.useHostResolvConf = false;
 
+  # allow nginx of the host to access frontend and backend
+  networking.firewall.extraCommands = ''
+    ip6tables -I nixos-fw -p tcp -s 2a01:4f8:10b:49f::/64 -m multiport --dports 3000,4000 -j nixos-fw-accept
+  '';
+
   systemd.network.networks."50-container-host0.network".extraConfig = ''
     [Match]
     Virtualization = container
@@ -42,7 +46,6 @@
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+YfsFtRz1h/0ubcKU+LyGfxH505yUkbWa5VtRFNWF2fjTAYGj6o5M4dt+fv1h370HXvvOBtt8sIlWQgMsD10+9mvjdXWhTcpnYPx4yWuyEERE1/1BhItrog6XJKAedbCDpQQ+POoewouiHWVAUfFByPj5RXuE8zKUeIEkGev/QKrKTLnTcS8zFs/yrokf1qYYR571B3U8IPDjpV/Y1GieG3MSNaefIMCwAAup1gPkUA0XZ4A1L7NdEiUEHlceKVu9eYiWUM+wDRunBXnLHubeGyP8KmBA7PNKgml3WWRNTZjqNQk4u9Bl+Qea5eCkD8KI257EqgXYXy0QBWNyF8X j03@l302"
   ];
 
-
   ## Service specific configuration
 
   users.users."beherbergung" = {