refactor(firewall): Make services responsible for opening ports

2025-11-20 00:17:43 +08:00 · 2025-11-20 00:17:43 +08:00 · 3506a3710a
commit 3506a3710a
parent 2058665de0
9 changed files with 63 additions and 39 deletions
--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
@ -8,6 +8,11 @@ let
  domain = "gitea.${config.services.nginx.domain}";
 in
 {
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
  services = {
    forgejo = {
      enable = true;