From 878a457c838259fdeb0a16aeeadd5fe7cd68a8c0 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown <hg@lukegb.com>
Date: Mon, 29 Mar 2021 22:53:19 +0100
Subject: [PATCH] blade-{paris,tuvok}: allow IPv6 VRRP as well...

---
 ops/nixos/blade-paris/default.nix | 5 ++++-
 ops/nixos/blade-tuvok/default.nix | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ops/nixos/blade-paris/default.nix b/ops/nixos/blade-paris/default.nix
index f9efeef89f..a283dfce66 100644
--- a/ops/nixos/blade-paris/default.nix
+++ b/ops/nixos/blade-paris/default.nix
@@ -64,7 +64,10 @@ in {
     }];
     defaultGateway = internetAddresses.v4.remote;
     defaultGateway6 = internetAddresses.v6.remote;
-    firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
+    firewall.extraCommands = ''
+      iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+      ip6tables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+    '';
   };
   my.ip.tailscale = "100.117.185.118";
   my.blade.bay = 2;
diff --git a/ops/nixos/blade-tuvok/default.nix b/ops/nixos/blade-tuvok/default.nix
index 5d233b2a1e..607a63bbd4 100644
--- a/ops/nixos/blade-tuvok/default.nix
+++ b/ops/nixos/blade-tuvok/default.nix
@@ -66,7 +66,10 @@ in {
     defaultGateway = internetAddresses.v4.remote;
     defaultGateway6 = internetAddresses.v6.remote;
     firewall.allowedTCPPorts = [ 80 443 ];
-    firewall.extraCommands = "iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT";
+    firewall.extraCommands = ''
+      iptables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+      ip6tables -A INPUT -p vrrp -i br-mgmt -j ACCEPT
+    '';
   };
   my.ip.tailscale = "100.119.123.33";
   my.blade.bay = 6;