Try getting firewall to work

somehow allowing ports does not have any effect.
Probably related to the Pi not being reboot save.

hosts/pulsebert/default.nix

@@ -43,19 +43,34 @@
 
   nix = {
     buildCores = 4;
-    maxJobs = 2;
+    maxJobs = 1;
   };
 
   networking = {
-    hostName = "pulsebert"; # Define your hostname.
+    firewall = {
+      # broken...
+      enable = false;
+      allowedTCPPorts = [
+        80 # nginx
+        443 # nginx
+        4713 # pulseaudio/pipewire network sync
+        # 5353 # mdns
+      ];
+      allowedUDPPorts = [
+        # 5353 # mdns
+        5355 # llmnr
+      ];
+    };
+    hostName = "pulsebert";
 
     # The global useDHCP flag is deprecated, therefore explicitly set to false here.
     # Per-interface useDHCP will be mandatory in the future, so this generated config
     # replicates the default behaviour.
     useDHCP = false;
-    interfaces.eth0.useDHCP = true;
-    interfaces.wlan0.useDHCP = true;
-    firewall.enable = false;
+    interfaces = {
+      eth0.useDHCP = true;
+      wlan0.useDHCP = true;
+    };
   };
 
   environment.systemPackages = with pkgs; [
@@ -173,5 +188,5 @@
     '';
   };
 
-  system.stateVersion = "21.05"; # Did you read the comment?
+  system.stateVersion = "21.05";
 }