From d6571ac695fb3d66055f7f43e6b09a25ffa95ad2 Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Sun, 7 Jan 2024 01:16:37 +0100
Subject: [PATCH] bacula: restrict port to agdsn networks

---
 modules/bacula.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/bacula.nix b/modules/bacula.nix
index d28e3a8..59815a4 100644
--- a/modules/bacula.nix
+++ b/modules/bacula.nix
@@ -5,7 +5,11 @@
     "bacula/keypair".owner = "bacula";
     "bacula/masterkey".owner = "bacula";
   };
-  networking.firewall.allowedTCPPorts = [ config.services.bacula-fd.port ];
+  networking.firewall = {
+    extraInputRules = ''
+      ip saddr 10.144.0.11 tcp dport ${config.services.bacula-fd.port} accept comment "Only allow Bacula access from Abel"
+    '';
+  };
   services.bacula-fd = {
     enable = true;
     name = "ifsr-quitte";