From cd1471871c1719f666d2971754d2ec7af25a2859 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Fri, 13 Dec 2024 07:55:21 +0100
Subject: refactor: move firewall config up

---
 nixos/tente-configuration.nix | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'nixos/tente-configuration.nix')

diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
index 334089f..8254fb0 100644
--- a/nixos/tente-configuration.nix
+++ b/nixos/tente-configuration.nix
@@ -61,6 +61,13 @@
   #   enableSSHSupport = true;
   # };
 
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    # Enabling openssh automatically opens its port in the firewall.
+    # For all other services we need to manually list the ports here.
+  ];
+  networking.firewall.allowedUDPPorts = [];
+
   # List services that you want to enable:
 
   # Enable the OpenSSH daemon.
@@ -73,12 +80,6 @@
     dataDir = "/srv/gitolite";
   };
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.
-- 
cgit v1.2.3