From 6ae080c68d4aa0b5b46a44d61ac04364d6188bdd Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Wed, 18 Jan 2023 11:10:31 +0800
Subject: [PATCH] hosts/ni: enable nftables-based firewall

---
 hosts/ni/default.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/hosts/ni/default.nix b/hosts/ni/default.nix
index 15784a55..e46dc01a 100644
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@@ -177,8 +177,25 @@ in
     ];
   };
 
+  # We'll go with a software firewall. We're mostly configuring it as if we're
+  # using a server even though the chances of that is pretty slim.
+  networking = {
+    nftables.enable = true;
+    firewall = {
+      enable = true;
+      allowedUDPPorts = [ wireguardPort ];
+      allowedTCPPorts = [
+        22 # Secure Shells.
+
+        80 # HTTP servers.
+        433 # HTTPS servers.
+      ];
+    };
+  };
+
   system.stateVersion = "22.11"; # Yes! I read the comment!
 
+  # Trying to be very portable with LDAP.
   users.ldap = {
     enable = true;
     base = "dc=foodogsquared,dc=one";
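Review bot: The entry `433 # HTTPS servers.` in `allowedTCPPorts` opens TCP 433, not 443 — HTTPS listens on 443, so this rule both fails to admit HTTPS and exposes an unrelated port; it should read `443 # HTTPS servers.`. Beyond the typo, the comment above admits this host is unlikely to serve anything, so statically opening 22, 80 and 443 on a workstation widens the reachable surface for no gain; the NixOS convention is to drop these from the host and let the service modules open their own ports when enabled (for example `services.openssh.openFirewall`), so a port is only exposed while something actually listens on it. `wireguardPort` is bound outside the hunk, so its value and whether WireGuard is actually configured here cannot be confirmed from this diff. The enclosing `let … in` attribute set starts and ends outside the hunk.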