enable firewalls

author: Max Audron <audron@cocaine.farm> 2025-07-30 16:53:40 +0200
committer: Max Audron <audron@cocaine.farm> 2025-07-30 16:53:40 +0200
commit: 80abf0577c962e8d5a71e586f020953f939d90c6 (patch)
tree: dac85c2a5d5d99cbb2fb61824924ddbe8a113042 /modules/common/networking.nix
parent: add initial prometheus deployment (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 63c0d89..0a7b3f7 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -11,6 +11,13 @@
     dhcpcd.extraConfig = ''
       nohook resolv.conf
     '';
+
+    firewall = {
+      enable = true;
+      trustedInterfaces = ["wg0"];
+      allowedTCPPorts = [ 80 443 ];
+    };
+    nftables.enable = true;
   };
 
   systemd.services = {
author	Max Audron <audron@cocaine.farm>	2025-07-30 16:53:40 +0200
committer	Max Audron <audron@cocaine.farm>	2025-07-30 16:53:40 +0200
commit	80abf0577c962e8d5a71e586f020953f939d90c6 (patch)
tree	dac85c2a5d5d99cbb2fb61824924ddbe8a113042 /modules/common/networking.nix
parent	add initial prometheus deployment (diff)