From 8b669fe507aced94c12a4c150e8d685b0388a2c2 Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@gleipnir.technology>
Date: Sat, 23 Aug 2025 18:33:57 +0000
Subject: [PATCH] Add firewall configuration to sync

---
 host/sync/configuration.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/host/sync/configuration.nix b/host/sync/configuration.nix
index dc45ace..a0a6d81 100644
--- a/host/sync/configuration.nix
+++ b/host/sync/configuration.nix
@@ -4,4 +4,22 @@
 	];
 	myModules.caddy.enable = true;
 	myModules.fieldseeker-sync.enable = true;
+	networking = {
+		firewall = {
+			enable = true;
+			interfaces.ens3 = {
+				allowedUDPPorts = [ 22 80 443 ];
+				allowedTCPPorts = [ 22 80 443 ];
+			};
+			trustedInterfaces = [
+				"ens4"
+				"lo"
+			];
+		};
+		networkmanager.enable = false;
+		nftables = {
+			enable = true;
+		};
+		useNetworkd = true;
+	};
 }