diff --git a/machines/renge/configuration.nix b/machines/renge/configuration.nix index e59ed31..618da7f 100644 --- a/machines/renge/configuration.nix +++ b/machines/renge/configuration.nix @@ -23,7 +23,6 @@ ./services/psycho-power-papagei.de ./services/sbruder.xyz ./services/schabernack.nix - ./services/wordclock-dimmer.nix ]; sbruder = { diff --git a/machines/shinobu/configuration.nix b/machines/shinobu/configuration.nix index fd925a9..bbece12 100644 --- a/machines/shinobu/configuration.nix +++ b/machines/shinobu/configuration.nix @@ -7,6 +7,7 @@ ./services/co2_exporter.nix ./services/router ./services/snmp-exporter.nix + ./services/wordclock-dimmer.nix ]; sbruder = { diff --git a/machines/shinobu/services/router/rules.nft b/machines/shinobu/services/router/rules.nft index f551897..bb8ce46 100644 --- a/machines/shinobu/services/router/rules.nft +++ b/machines/shinobu/services/router/rules.nft @@ -27,7 +27,6 @@ table inet filter { iifname "br-lan" oifname $VLAN_BRIDGES counter accept; iifname $VLAN_BRIDGES oifname "br-lan" ct state established,related counter accept - iifname "br-iot" ip daddr 167.235.30.249 tcp dport 1883 counter accept # FIXME migrate service to shinobu iifname "br-iot" ip daddr @iot_ntp4 udp dport 123 counter accept iifname "br-iot" ip6 daddr @iot_ntp6 udp dport 123 counter accept iifname $NAT_WAN_IFACES oifname "br-iot" ct state established,related counter accept diff --git a/machines/renge/services/wordclock-dimmer.nix b/machines/shinobu/services/wordclock-dimmer.nix similarity index 88% rename from machines/renge/services/wordclock-dimmer.nix rename to machines/shinobu/services/wordclock-dimmer.nix index 371f114..441958f 100644 --- a/machines/renge/services/wordclock-dimmer.nix +++ b/machines/shinobu/services/wordclock-dimmer.nix @@ -22,7 +22,7 @@ in ]; }; - networking.firewall.allowedTCPPorts = [ 1883 ]; + networking.firewall.interfaces.br-iot.allowedTCPPorts = [ 1883 ]; services.wordclock-dimmer = { enable = true;