From 682858029ca812beecbbd7776f3f1e45ebb03739 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm@sourcephile.fr>
Date: Fri, 19 Jun 2020 18:59:57 +0200
Subject: [PATCH] shorewall: remove configs on losurdo

---
 servers/losurdo/acme/autogeree.net.nix  | 8 --------
 servers/losurdo/acme/sourcephile.fr.nix | 6 ------
 servers/losurdo/postgresql.nix          | 3 ---
 3 files changed, 17 deletions(-)

diff --git a/servers/losurdo/acme/autogeree.net.nix b/servers/losurdo/acme/autogeree.net.nix
index ae67d97..7a54d09 100644
--- a/servers/losurdo/acme/autogeree.net.nix
+++ b/servers/losurdo/acme/autogeree.net.nix
@@ -9,14 +9,6 @@ in
 systemd.services."acme-${domain}".after = [
   "unbound.service"
 ];
-services.shorewall.configs.rules = ''
-  # for lego to update ACME DNS-01 challenge
-  DNS(ACCEPT) $FW net:${servers.mermet.ipv4} 
-  # for lego to check DNS propagation on ns6.gandi.net
-  DNS(ACCEPT) $FW net:217.70.177.40 {user=${users.root.name}}
-  # for lego to check DNS propagation on ns0.muarf.org
-  DNS(ACCEPT) $FW net:78.192.65.63 {user=${users.root.name}}
-'';
 networking.nftables.ruleset = ''
   # for lego to update ACME DNS-01 challenge
   add rule inet filter fw2net ip daddr ${servers.mermet.ipv4} tcp dport 53 counter accept comment "DNS"
diff --git a/servers/losurdo/acme/sourcephile.fr.nix b/servers/losurdo/acme/sourcephile.fr.nix
index d609230..37d7454 100644
--- a/servers/losurdo/acme/sourcephile.fr.nix
+++ b/servers/losurdo/acme/sourcephile.fr.nix
@@ -9,12 +9,6 @@ in
 systemd.services."acme-${domain}".after = [
   "unbound.service"
 ];
-services.shorewall.configs.rules = ''
-  # for lego to update ACME DNS-01 challenge
-  DNS(ACCEPT) $FW net:${servers.mermet.ipv4} 
-  # for lego to check DNS propagation on ns6.gandi.net
-  DNS(ACCEPT) $FW net:217.70.177.40 {user=${users.root.name}}
-'';
 networking.nftables.ruleset = ''
   # for lego to update ACME DNS-01 challenge
   add rule inet filter fw2net tcp dport 53 ip daddr ${servers.mermet.ipv4} counter accept comment "DNS"
diff --git a/servers/losurdo/postgresql.nix b/servers/losurdo/postgresql.nix
index b27d1c0..4645ebf 100644
--- a/servers/losurdo/postgresql.nix
+++ b/servers/losurdo/postgresql.nix
@@ -8,9 +8,6 @@ in
 imports = [
   postgresql/openconcerto.nix
 ];
-services.shorewall.configs.rules = ''
-  PostgreSQL(ACCEPT) net $FW {rate=s:2/min:3}
-'';
 networking.nftables.ruleset = ''
   add rule inet filter net2fw tcp dport 5432 counter accept comment "PostgreSQL"
 '';
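Review bot: The per-source rate limit `{rate=s:2/min:3}` on inbound PostgreSQL is lost with this deletion in `servers/losurdo/postgresql.nix`, because the remaining nftables rule accepts every connection to tcp/5432 from `net` with only a counter. Unless the limit is enforced somewhere outside this hunk, the database listener loses its only visible throttle against password guessing and connection floods. To keep parity, the rule could become something like `add rule inet filter net2fw tcp dport 5432 ct state new meter postgresql { ip saddr limit rate 2/minute burst 3 packets } counter accept comment "PostgreSQL"`. That form keys on IPv4 sources only, so IPv6 would need its own meter if the `inet` table also carries it. A short comment above the rule saying why the port is reachable from `net` would also help the next reader.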
-- 
2.47.2