systemd.services."acme-${domain}".after = [
"unbound.service"
];
-services.shorewall.configs.rules = ''
- # for lego to update ACME DNS-01 challenge
- DNS(ACCEPT) $FW net:${servers.mermet.ipv4}
- # for lego to check DNS propagation on ns6.gandi.net
- DNS(ACCEPT) $FW net:217.70.177.40 {user=${users.root.name}}
- # for lego to check DNS propagation on ns0.muarf.org
- DNS(ACCEPT) $FW net:78.192.65.63 {user=${users.root.name}}
-'';
networking.nftables.ruleset = ''
# for lego to update ACME DNS-01 challenge
add rule inet filter fw2net ip daddr ${servers.mermet.ipv4} tcp dport 53 counter accept comment "DNS"
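Review bot: The `fw2net` rule accepts only `tcp dport 53` to `${servers.mermet.ipv4}`, whereas the removed Shorewall `DNS(ACCEPT)` macro, as far as I know, opened both UDP and TCP port 53. If lego's DNS-01 update can leave over UDP it would now be dropped, so either add a matching `udp dport 53` rule or say in the comment that the update is TCP-only. The removed propagation-check rules were also limited to root with `{user=${users.root.name}}`; their replacements are not visible here (the ruleset string continues outside the hunk), and if they exist they should keep that restriction, presumably with `meta skuid ${users.root.name}`. The same points apply to the second hunk, which also writes the matches in the other order (`tcp dport 53 ip daddr …`); using one order in both files would make the rules easier to compare.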
systemd.services."acme-${domain}".after = [
"unbound.service"
];
-services.shorewall.configs.rules = ''
- # for lego to update ACME DNS-01 challenge
- DNS(ACCEPT) $FW net:${servers.mermet.ipv4}
- # for lego to check DNS propagation on ns6.gandi.net
- DNS(ACCEPT) $FW net:217.70.177.40 {user=${users.root.name}}
-'';
networking.nftables.ruleset = ''
# for lego to update ACME DNS-01 challenge
add rule inet filter fw2net tcp dport 53 ip daddr ${servers.mermet.ipv4} counter accept comment "DNS"
imports = [
postgresql/openconcerto.nix
];
-services.shorewall.configs.rules = ''
- PostgreSQL(ACCEPT) net $FW {rate=s:2/min:3}
-'';
networking.nftables.ruleset = ''
add rule inet filter net2fw tcp dport 5432 counter accept comment "PostgreSQL"
'';
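Review bot: The new `net2fw` rule accepts every connection to port 5432 and drops the per-source limit that the removed Shorewall rule carried (`{rate=s:2/min:3}`), so repeated connection attempts against PostgreSQL from the `net` side are no longer throttled at the firewall. The limit can be kept in nftables with something along the lines of `add rule inet filter net2fw tcp dport 5432 ct state new meter postgresql { ip saddr limit rate 2/minute burst 3 packets } counter accept comment "PostgreSQL"`. Note that `ip saddr` keys only IPv4 sources, so IPv6 would need its own rule if this table serves both. If the limit was removed on purpose, a comment above the rule should say what now bounds connection attempts, for example the `pg_hba.conf` restrictions.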