refactor(firewall): Make services responsible for opening ports

2025-11-20 00:17:43 +08:00 · 2025-11-20 00:17:43 +08:00 · 6bedb95929
commit 6bedb95929
parent 12790d5444
9 changed files with 63 additions and 39 deletions
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@ -3,6 +3,11 @@ let
  inherit (config.services.nginx) domain;
 in
 {
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
  services.tlaternet-webserver = {
    enable = true;
    listen = {