From d98aa1c269b7db913bf2e66295025e31aa0e9f97 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Wed, 27 Mar 2024 21:36:47 +0100
Subject: [PATCH] fickit: Fix whitelist of remote sync IP
---
 fickit-frontend.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fickit-frontend.yml b/fickit-frontend.yml
index f20edb9e..809112bf 100644
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@@ -121,10 +121,11 @@ onboot:
 - name: firewall-frontal
 image: linuxkit/ip:v1.0.0
- command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-frontal.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6; [ -f /run/config/remote_sync/destination ] && /sbin/iptables -I OUTPUT 7 -o bond-frontal -d $(cat /run/config/remote_sync/destination | tr -d '\n') -p tcp -m tcp --dport https -J ACCEPT;" ]
+ command: ["/bin/bash", "-c", "/sbin/iptables-restore < /etc/iptables/rules-frontal.v4; /sbin/ip6tables-restore < /etc/iptables/rules.v6; [ -f /run/config/remote_sync/destination ] && /sbin/iptables -I OUTPUT 7 -o bond-frontal -d $(cat /run/config/remote_sync/destination | tr -d '\n') -p tcp -m tcp --dport https -j ACCEPT;" ]
 binds:
 - /etc/iptables/rules-frontal.v4:/etc/iptables/rules-frontal.v4:ro
 - /etc/iptables/rules.v6:/etc/iptables/rules.v6:ro
+ - /etc/resolv.conf:/etc/resolv.conf:ro
 - /run/config/remote_sync/:/run/config/remote_sync/:ro
 net: /run/netns/nginx
 - name: firewall-sshd
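Review bot: On the new `command:` line the substitution `-d $(cat /run/config/remote_sync/destination | tr -d '\n')` is unquoted, so whitespace or glob characters in that file are word-split into extra `iptables` arguments; writing it as `-d \"$(cat /run/config/remote_sync/destination)\"` (quotes escaped for the YAML string) keeps it one argument, and command substitution already drops the trailing newline. The added `/etc/resolv.conf` bind suggests the destination may be a hostname, in which case `iptables` resolves it once at insertion, so this egress allow-rule depends on DNS being reachable and trustworthy at that point in boot and goes stale if the address changes; a literal IP in the file avoids that. Because the steps are joined with `;`, a failing `iptables-restore` is masked by the commands after it, and a bad insert like the `-J` typo fixed here is easy to miss, so checking and logging each step's exit status would help. The position `7` in `-I OUTPUT 7` presumably depends on the layout of `rules-frontal.v4`, which is not shown here; a comment stating that would help.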