From 80abf0577c962e8d5a71e586f020953f939d90c6 Mon Sep 17 00:00:00 2001
From: Max Audron
Date: Wed, 30 Jul 2025 16:53:40 +0200
Subject: enable firewalls
---
 modules/common/default.nix | 2 +-
 modules/common/networking.nix | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
(limited to 'modules/common')
diff --git a/modules/common/default.nix b/modules/common/default.nix
index 4a2bfd3..ed45914 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -20,10 +20,10 @@
 nixpkgs.config.allowUnfree = true;
 # Security
- networking.firewall.enable = false;
 security.sudo.wheelNeedsPassword = false;
 services.openssh = {
 enable = true;
+ openFirewall = true;
 settings = {
 PasswordAuthentication = false;
 PermitRootLogin = "no";
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 63c0d89..0a7b3f7 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -11,6 +11,13 @@
 dhcpcd.extraConfig = ''
 nohook resolv.conf
 '';
+
+ firewall = {
+ enable = true;
+ trustedInterfaces = ["wg0"];
+ allowedTCPPorts = [ 80 443 ];
+ };
+
+ nftables.enable = true;
 };
 systemd.services = {
-- cgit v1.2.3
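Review bot: `openFirewall = true;` in `services.openssh` opens the SSH port on every interface of every host that imports this common module. As far as I know it is already the NixOS default, so the line records intent rather than changing behaviour. Since the networking.nix hunk trusts `wg0`, hosts that are administered only over WireGuard could set `openFirewall = false;` and rely on the trusted interface, keeping SSH off the public side; whether that is safe depends on how hosts are first reached, which the hunk does not show. If public SSH is intended, a comment such as `# SSH stays reachable on all interfaces; key-only auth, no root login` above the line would say so. The `services.openssh` block continues outside the hunk.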
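Review bot: `allowedTCPPorts = [ 80 443 ];` sits in the common networking module, so every host that imports it accepts HTTP and HTTPS on any interface whether or not it runs a web server. Declaring the two ports in the module that enables the web service would keep the default closed. `trustedInterfaces = ["wg0"];` exempts all traffic arriving on that interface from filtering, so any WireGuard peer can reach every listening port; a comment such as `# wg0 peers bypass the firewall entirely; keep the peer list tight` would make that explicit. If these hosts accept inbound WireGuard connections, the UDP listen port is not opened in this hunk and would have to be allowed elsewhere. The enclosing `networking` attribute set starts outside the hunk.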