From a6a24892032d5fc34aad836fc414fa715f51cc58 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Wed, 18 Jan 2023 02:42:16 +0000
Subject: [PATCH] feat: allow dns requests into the skynet dns servers

---
 machines/vendetta.nix | 7 +++++++
 machines/vigil.nix | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/machines/vendetta.nix b/machines/vendetta.nix
index a5c0472..877f2b7 100644
--- a/machines/vendetta.nix
+++ b/machines/vendetta.nix
@@ -25,6 +25,7 @@ let
 in {
 imports = [
 # applications for this particular server
+ ../applications/firewall.nix
 ../applications/dns.nix
 ];
 
@@ -41,6 +42,12 @@ in {
 };
 };
 
+ # open the firewall for this
+ skynet_firewall.forward = [
+ "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
+ "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
+ ];
+
 skynet_dns = {
 enable = true;
 
diff --git a/machines/vigil.nix b/machines/vigil.nix
index 0145ea6..cf0806a 100644
--- a/machines/vigil.nix
+++ b/machines/vigil.nix
@@ -24,6 +24,7 @@ let
 in {
 imports = [
 # applications for this particular server
+ ../applications/firewall.nix
 ../applications/dns.nix
 ];
 
@@ -40,6 +41,12 @@ in {
 };
 };
 
+ # open the firewall for this
+ skynet_firewall.forward = [
+ "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
+ "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
+ ];
+
 skynet_dns = {
 enable = true;
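Review bot: In the second hunk of machines/vendetta.nix (and the identical hunk in machines/vigil.nix), both forward rules match on `ip saddr ${ip_pub}`, so they accept port-53 traffic sent from that address rather than traffic addressed to it, which does not obviously match the subject's "allow dns requests into" the servers. If inbound queries are the intent, the match would normally be on the destination, e.g. `"ip daddr ${ip_pub} tcp dport 53 counter accept"` plus the udp equivalent. `ip_pub` and the forward chain are defined outside these hunks (the `let` block and applications/firewall.nix), so check which address that chain sees, particularly if NAT rewrites it before forwarding. The `packets 0 bytes 0` after `counter` looks copied from ruleset listing output and can be dropped. The comment would be clearer as `# allow DNS (tcp/udp 53) through the forward chain for this server's public address`.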