knot: add losurdo.sourcephile.fr

[sourcephile-nix.git] / servers / losurdo / production / shorewall.nix

diff --git a/servers/losurdo/production/shorewall.nix b/servers/losurdo/production/shorewall.nix
index 9aebe50af5d27ed0dc0654eadbf8569d162e6913..1c15b6dcee0372af25308cf0610863a170bf297d 100644 (file)
--- a/servers/losurdo/production/shorewall.nix
+++ b/servers/losurdo/production/shorewall.nix
@@ -2,19 +2,20 @@
 let
   inherit (builtins) hasAttr readFile;
   inherit (pkgs.lib) unlinesAttrs;
-  inherit (config) users;
+  inherit (config.users) users;
   inherit (config.services) shorewall shorewall6;
   fw2net = ''
     # By protocol
     Ping(ACCEPT)   $FW net
 
     # By port
-    DNS(ACCEPT)    $FW net {user=${users.users.unbound.name}}
+    DNS(ACCEPT)    $FW net {user=${users.unbound.name}}
     Git(ACCEPT)    $FW net
-    HKP(ACCEPT)    $FW net {user=${users.users.julm.name}}
+    HKP(ACCEPT)    $FW net {user=${users.julm.name}}
     HTTP(ACCEPT)   $FW net
     HTTPS(ACCEPT)  $FW net
-    IRCS(ACCEPT)   $FW net {user=${users.users.julm.name}}
+    IRCS(ACCEPT)   $FW net {user=${users.julm.name}}
+    NTP(ACCEPT)    $FW net {user=${users.systemd-timesync.name}}
     SMTP(ACCEPT)   $FW net
     SMTPS(ACCEPT)  $FW net
     SSH(ACCEPT)    $FW net