Enable firewall everywhere

hosts/dacbert/default.nix

@@ -107,7 +107,6 @@ in
     hostName = "dacbert"; # Define your hostname.
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
-    firewall.enable = false;
   };
 
   nix = {

hosts/freifunk/default.nix

@@ -84,7 +84,6 @@ in {
   networking.hostName = "freifunk";
   networking.useNetworkd = true;
   networking.nameservers = [ "172.20.73.8" "9.9.9.9" ];
-  networking.firewall.enable = false;
   networking.nat = {
     enable = true;
     # This doesn't really work, hence the `extraCommands`

hosts/gnunet/default.nix

@@ -8,10 +8,7 @@
     mem = 1024;
   };
 
-  networking = {
-    hostName = "gnunet";
-    firewall.enable = false;
-  };
+  networking.hostName = "gnunet";
 
   services.gnunet = {
     enable = true;

hosts/hydra/default.nix

@@ -145,7 +145,6 @@ in
   networking = {
     hostId = "3f0c4ec4";
     hostName = "hydra";
-    firewall.enable = false;
     nameservers = [ "172.20.73.8" "9.9.9.9" ];
     # nat = {
     #   enable = true;

hosts/jabber/default.nix

@@ -15,24 +15,25 @@ in
 
   networking = {
     hostName = "jabber";
-    firewall.allowedTCPPorts = [
-      # Prosody
-      5222
-      5223
-      5269
-      80
-      5280
-      443
-      5281
-      # Coturn
-      3478
-      3479
-    ];
-    firewall.allowedUDPPorts = [
-      # Coturn
-      3478
-      3479
-    ];
+    firewall = {
+      allowedTCPPorts = [
+        # Prosody
+        5222
+        5223
+        5269
+        80
+        5280
+        443
+        5281
+        # Coturn
+        3478
+        3479
+      ];
+      allowedUDPPorts = [
+        # Coturn
+        3478
+        3479
+      ];
     # TODO: allowedSCTPPorts
   };
 

hosts/nfsroot/default.nix

@@ -32,11 +32,7 @@ in {
     "/${export}".options = [ "relatime" "discard" ];
   }) {} nfsExports;
 
-  networking = {
-    hostName = "nfsroot";
-
-    firewall.enable = false;
-  };
+  networking.hostName = "nfsroot";
 
   system.stateVersion = "22.05";
 }

hosts/nfsroot/tftp.nix

@@ -1,8 +1,6 @@
 { tftproots, pkgs, ... }:
 
 {
-  networking.firewall.enable = false;
-
   # raspberrypi boot
   services.atftpd = {
     enable = true;

hosts/nncp/default.nix

@@ -20,10 +20,7 @@
 
   system.stateVersion = "22.05";
 
-  networking = {
-    hostName = "nncp";
-    firewall.enable = false;
-  };
+  networking.hostName = "nncp";
 
   programs.nncp = {
     enable = true;

hosts/radiobert/default.nix

@@ -98,7 +98,6 @@
       prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
     }];
     defaultGateway = "172.20.73.1";
-    firewall.enable = false;
     nameservers = [ "172.20.73.8" "9.9.9.9" ];
   };
 

hosts/rpi-netboot/default.nix

@@ -27,7 +27,6 @@
     hostName = "rpi-netboot";
     useDHCP = false;
     interfaces.eth0.useDHCP = true;
-    firewall.enable = false;
   };
 
   fileSystems = {

hosts/server10/default.nix

@@ -28,10 +28,6 @@
   };
 
   networking = {
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [ 22 ];
-    };
     hostName = "server10";
     # TODO: change that to something more random
     hostId = "10101010";

hosts/spaceapi/default.nix

@@ -3,15 +3,9 @@ _:
 {
   c3d2.deployment.server = "server10";
 
-  networking = {
-    firewall.enable = false;
-    hostName = "spaceapi";
-  };
+  networking.hostName = "spaceapi";
 
   services.spaceapi.enable = true;
 
-  # HACK for ‘ekg-json-0.1.0.6’ nixos-22.05
-  # nixpkgs.config.allowBroken = true;
-
   system.stateVersion = "19.03";
 }