Improve NixOS default firewall declaration

2025-11-10 21:46:08 +01:00 · 2025-11-10 21:46:08 +01:00 · 3c385724d0
parent cf18dcdb67
commit 3c385724d0
2 changed files with 5 additions and 4 deletions
--- a/hosts/vm/configuration.nix
+++ b/hosts/vm/configuration.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ ... }:

 {
  system.stateVersion = "25.05";
@ -51,6 +51,7 @@
  services.qemuGuest.enable = true;
  services.spice-vdagentd.enable = true;

+  networking.firewall.allowedTCPPorts = [ 22 ];
  services.openssh = {
    enable = true;
    harden = true;
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -7,8 +7,8 @@
      enable = true;
    };
  };
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [ 22 ];
+  networking = {
+    nftables.enable = true;
+    firewall.enable = true;
  };
 }