Fix ports firewall

2026-05-03 13:21:22 +02:00
parent 38350b91e1
commit c8cb980c15
3 changed files with 15 additions and 1 deletions
--- a/modules/nixos/system/network/base/default.nix
+++ b/modules/nixos/system/network/base/default.nix
@@ -4,6 +4,15 @@
    useDHCP = true;
    nameservers = [ "1.1.1.1" "9.9.9.9" ];

-    firewall = { enable = true; };
+    firewall = { 
+      enable = true;
+      allowedUDPPorts = 
+        (if config.syscfg.server ? wireguard then [ 1515 ] else [ ]) ++ 
+        [ ];
+
+      allowedTCPPorts = 
+        (if config.syscfg.server ? web       then [ 80 443 22 ] else [ ]) ++ 
+        [ ];
+    };
  };
 }
--- a/modules/shared/syscfg/default.nix
+++ b/modules/shared/syscfg/default.nix
@@ -118,6 +118,10 @@ let
      type = type.bool;
      default = false;
    };
+    web = mkOption {
+      type = type.bool;
+      default = false;
+    };
    nftables = {
      enable = mkOption {
        type = type.bool;
--- a/systems/gateway/cfg.nix
+++ b/systems/gateway/cfg.nix
@@ -29,6 +29,7 @@
    server = {
      openssh = true;
      wireguard = true;
+      web = true;
      nftables = {
        enable = true;
        ifs = ["ens3" "wg0" ];