tv: open ssh port by default

tv/1systems/cd.nix

@@ -41,7 +41,6 @@ with lib;
       tv.iptables = {
         enable = true;
         input-internet-accept-new-tcp = [
-          "ssh"
           "tinc"
           "smtp"
           "xmpp-client"
@@ -58,10 +57,7 @@ with lib;
         "cgit.cd.krebsco.de"
         "cgit.cd.viljetic.de"
       ];
-    }
-    {
       # TODO make public_html also available to cd, cd.retiolum (AKA default)
-      tv.iptables.input-internet-accept-new-tcp = singleton "http";
       krebs.nginx.servers.public_html = {
         server-names = singleton "cd.viljetic.de";
         locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''

tv/1systems/nomic.nix

@@ -17,7 +17,6 @@ with lib;
       tv.iptables = {
         enable = true;
         input-internet-accept-new-tcp = [
-          "ssh"
           "http"
           "tinc"
           "smtp"

tv/1systems/wu.nix

@@ -129,7 +129,6 @@ with lib;
       tv.iptables = {
         enable = true;
         input-internet-accept-new-tcp = [
-          "ssh"
           "http"
           "tinc"
           "smtp"

tv/1systems/xu.nix

@@ -127,7 +127,6 @@ with lib;
       tv.iptables = {
         enable = true;
         input-internet-accept-new-tcp = [
-          "ssh"
           "http"
           "tinc"
           "smtp"

tv/2configs/default.nix

@@ -162,6 +162,10 @@ with lib;
       };
     }
 
+    {
+      tv.iptables.enable = true;
+    }
+
     {
       services.openssh = {
         enable = true;
@@ -169,6 +173,7 @@ with lib;
           { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
         ];
       };
+      tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
     }
 
     {