add nginx firewall stuff

2023-12-22 20:23:23 -05:00 · 2023-12-22 20:23:23 -05:00 · 2ea0070ca1
commit 2ea0070ca1
parent 9431224665
2 changed files with 8 additions and 2 deletions
--- a/nixos/features/nginx.nix
+++ b/nixos/features/nginx.nix
@ -1,7 +1,7 @@
 {pkgs, ...}: {
  services.nginx = {
    enable = true;
-    recommendedTlsSettings = true;
+    #recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedBrotliSettings = true;
    recommendedGzipSettings = true;
@ -13,4 +13,10 @@
    acceptTerms = true;
    defaults.email = "acme@kat.cafe";
  };
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 80 443 ];
+    allowedUDPPorts = [ 443 ];
+  };
 }
--- a/nixos/features/podman.nix
+++ b/nixos/features/podman.nix
@ -11,7 +11,7 @@
  };

  networking.firewall = {
-    # interfaces.podman0.allowedUDPPorts = [ 53 ];
+    interfaces.podman0.allowedUDPPorts = [ 53 ];
    trustedInterfaces = [ "podman0" ];
  };