From 779d5401b6f061a0a820879d560020f775b67114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 17 Mar 2022 11:24:06 +0100 Subject: [PATCH] deployment: configure firewall for nginx ingress --- deployment/hosts/beherbergung-warhelp/configuration.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/deployment/hosts/beherbergung-warhelp/configuration.nix b/deployment/hosts/beherbergung-warhelp/configuration.nix index 3c0a9a7..0f54c21 100644 --- a/deployment/hosts/beherbergung-warhelp/configuration.nix +++ b/deployment/hosts/beherbergung-warhelp/configuration.nix @@ -4,7 +4,6 @@ networking.hostName = "beherbergung-warhelp"; - ## The next part is copied from https://github.com/Mic92/dotfiles/commit/be6b898e8fbd12716cce380d8f3889a926003990 imports = [ @@ -19,6 +18,11 @@ networking.useDHCP = false; networking.useHostResolvConf = false; + # allow nginx of the host to access frontend and backend + networking.firewall.extraCommands = '' + ip6tables -I nixos-fw -p tcp -s 2a01:4f8:10b:49f::/64 -m multiport --dports 3000,4000 -j nixos-fw-accept + ''; + systemd.network.networks."50-container-host0.network".extraConfig = '' [Match] Virtualization = container @@ -42,7 +46,6 @@ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+YfsFtRz1h/0ubcKU+LyGfxH505yUkbWa5VtRFNWF2fjTAYGj6o5M4dt+fv1h370HXvvOBtt8sIlWQgMsD10+9mvjdXWhTcpnYPx4yWuyEERE1/1BhItrog6XJKAedbCDpQQ+POoewouiHWVAUfFByPj5RXuE8zKUeIEkGev/QKrKTLnTcS8zFs/yrokf1qYYR571B3U8IPDjpV/Y1GieG3MSNaefIMCwAAup1gPkUA0XZ4A1L7NdEiUEHlceKVu9eYiWUM+wDRunBXnLHubeGyP8KmBA7PNKgml3WWRNTZjqNQk4u9Bl+Qea5eCkD8KI257EqgXYXy0QBWNyF8X j03@l302" ]; - ## Service specific configuration users.users."beherbergung" = {
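Review bot: The rule added in `networking.firewall.extraCommands` accepts TCP 3000 and 4000 from the whole `2a01:4f8:10b:49f::/64`, while the comment above it says only the host's nginx needs access. If any other container or machine has an address in that prefix (not visible in this hunk), it can reach the frontend and backend directly and skip whatever TLS termination, access control or logging nginx provides. Consider narrowing the source to the single address nginx connects from, e.g. `-s <host-ipv6-address>/128`, or additionally matching the container's ingress interface. The comment could also say which port belongs to which service and why the rule is IPv6-only, e.g. `# allow the host's nginx (reverse proxy) to reach frontend :3000 and backend :4000 over the container's IPv6 link`, with the port mapping confirmed against the service definitions.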