From 752d0a1ad184858b48c2fe109e019977ca5ea5cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laure=CE=B7t?= <laurent@fainsin.bzh>
Date: Sat, 30 Dec 2023 18:32:58 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20(hydrogen)=20declare=20the=20fir?=
 =?UTF-8?q?ewall's=20allowedTCPPorts=20in=20the=20services=20(openssh's=20?=
 =?UTF-8?q?port=20is=20automatically=20opened=20by=20the=20module)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 hosts/hydrogen/services/default.nix          | 7 +++++++
 hosts/hydrogen/system/networking/default.nix | 9 ---------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/hosts/hydrogen/services/default.nix b/hosts/hydrogen/services/default.nix
index 03b36fd..dbf16f3 100644
--- a/hosts/hydrogen/services/default.nix
+++ b/hosts/hydrogen/services/default.nix
@@ -6,4 +6,11 @@
     ./nginx
     ./ssh
   ];
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      80 # http
+      443 # https / tls
+    ];
+  };
 }
diff --git a/hosts/hydrogen/system/networking/default.nix b/hosts/hydrogen/system/networking/default.nix
index 5affbdf..e99c7f5 100644
--- a/hosts/hydrogen/system/networking/default.nix
+++ b/hosts/hydrogen/system/networking/default.nix
@@ -8,14 +8,5 @@
 
     # domain name servers, use clouflare family
     nameservers = ["1.1.1.2" "1.0.0.2"];
-
-    # TODO: bouger ça à côté des applications
-    firewall = {
-      allowedTCPPorts = [
-        624 # ssh
-        80 # http
-        443 # https
-      ];
-    };
   };
 }