Move nginx firewall ports

master
Sven Slootweg 3 years ago
parent 11ddc93640
commit 525845c534

@ -207,8 +207,6 @@ in {
}) })
]; ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.borgbackup.jobs.system = { services.borgbackup.jobs.system = {
paths = "/"; paths = "/";
exclude = [ exclude = [
@ -275,8 +273,6 @@ in {
users.groups.git = {}; users.groups.git = {};
networking.firewall.allowedTCPPorts = [ 80 443 ];
# NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks # NOTE: Workaround that removes `setuid` from the disallowed syscall list, because otherwise sendmail/opensmtpd breaks
# systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap"; # systemd.services.gitea.serviceConfig.SystemCallFilter = lib.mkForce "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @swap";

@ -14,4 +14,9 @@ hosts: { lib, ... }:
}; };
} // mapMkMerge hosts; } // mapMkMerge hosts;
}; };
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
];
} }

Loading…
Cancel
Save