add nginx firewall stuff

nixos/features/nginx.nix

@@ -1,7 +1,7 @@
 {pkgs, ...}: {
   services.nginx = {
     enable = true;
-    recommendedTlsSettings = true;
+    #recommendedTlsSettings = true;
     recommendedOptimisation = true;
     recommendedBrotliSettings = true;
     recommendedGzipSettings = true;
@@ -13,4 +13,10 @@
     acceptTerms = true;
     defaults.email = "acme@kat.cafe";
   };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 443 ];
+  };
 }

nixos/features/podman.nix

@@ -11,7 +11,7 @@
   };
 
   networking.firewall = {
-    # interfaces.podman0.allowedUDPPorts = [ 53 ];
+    interfaces.podman0.allowedUDPPorts = [ 53 ];
     trustedInterfaces = [ "podman0" ];
   };