From f0627eb800f4e589d28b9b636fe74a52aeee82cd Mon Sep 17 00:00:00 2001
From: Yves Dubromelle <root@latitude.dubronetwork.fr>
Date: Sat, 21 Jan 2017 23:57:51 +0100
Subject: [PATCH] nix-serve est disponible uniquement par tinc

---
 base/activation-manuelle/nix-serve-server.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/base/activation-manuelle/nix-serve-server.nix b/base/activation-manuelle/nix-serve-server.nix
index f9e633d..1a9e42d 100644
--- a/base/activation-manuelle/nix-serve-server.nix
+++ b/base/activation-manuelle/nix-serve-server.nix
@@ -19,9 +19,13 @@ mkIf cfg.nix-serve-server {
   # Réseau
   networking.firewall = {
     allowedTCPPorts = [
-      5000
+      #5000 # ouvert sur tinc
     ];
     allowedUDPPorts = [
     ];
+    extraCommands = ''
+      iptables  -A INPUT -i tinc.grudunet -p tcp --dport 5000 -j ACCEPT
+      ip6tables -A INPUT -i tinc.grudunet -p tcp --dport 5000 -j ACCEPT
+    '';
   };
 }