make sure web ports are allowed

hosts/freun.dev/configuration.nix

@@ -121,11 +121,10 @@
     settings.PasswordAuthentication = false;
   };
 
-  # Open ports in the firewall.
+  modules.firewall = {
-  networking.firewall.allowedTCPPorts = [ 22 ];
+    enable = true;
-  # networking.firewall.allowedUDPPorts = [ ... ];
+    allInterfaces = [ "ssh" ];
-  # Or disable the firewall altogether.
+  };
-  # networking.firewall.enable = false;
 
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you

hosts/freun.dev/services/default.nix

@@ -17,10 +17,8 @@
 
   virtualisation.oci-containers.backend = "podman";
 
-  networking.firewall = {
+  networking.firewall.trustedInterfaces = [ "podman1" ];
-    trustedInterfaces = [ "podman1" ];
+  modules.firewall.interfaces.podman1 = [ "dns" ];
-    interfaces.podman1.allowedUDPPorts = [ 53 ];
-  };
 
   modules.webserver.enable = true;
 

modules/webserver.nix

@@ -94,6 +94,6 @@ in
       };
     };
 
-    modules.firewall.allInterfaces = lib.mkDefault [ "web" ];
+    modules.firewall.allInterfaces = [ "web" ];
   };
 }