From 719d5de3093fb4d2cf6339086c2ab70b3861b2b9 Mon Sep 17 00:00:00 2001
From: Christoph Schmatzler
Date: Tue, 12 Aug 2025 16:43:20 +0000
Subject: [PATCH] fix networking
---
 profiles/nixos/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/profiles/nixos/default.nix b/profiles/nixos/default.nix
index 30e5361..eb0496e 100644
--- a/profiles/nixos/default.nix
+++ b/profiles/nixos/default.nix
@@ -1,6 +1,7 @@
 {
 pkgs,
 nixvim,
+ config,
 user,
 agenix,
 ...
@@ -24,9 +25,12 @@ in {
 nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
 };
- virtualisation.docker = {
+ networking.firewall = {
 enable = true;
- logDriver = "json-file";
+ trustedInterfaces = ["tailscale0"];
+ allowedUDPPorts = [config.services.tailscale.port];
+ allowedTCPPorts = [22];
+ checkReversePath = "loose";
 };
 services = {
@@ -37,7 +41,10 @@ in {
 PasswordAuthentication = false;
 };
 };
- tailscale.enable = true;
+ tailscale = {
+ enable = true;
+ port = 41641;
+ };
 adguardhome = {
 enable = true;
 settings = {
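Review bot: `allowedTCPPorts = [22];` in the new `networking.firewall` block opens SSH on every interface, although `trustedInterfaces = ["tailscale0"];` already admits all tailnet traffic; if SSH is only meant to be reached over Tailscale, drop the port 22 entry, and note that `services.openssh.openFirewall` defaults to `true` and opens the SSH port on its own when that service is enabled, so it would need `openFirewall = false;` as well. Trusting `tailscale0` bypasses the firewall for every service listening on this host, so access control on that interface rests entirely on the tailnet ACLs; a comment such as `# tailscale0 is fully trusted: per-service access is enforced by tailnet ACLs` would make that explicit. `checkReversePath = "loose";` relaxes reverse-path filtering host-wide and deserves a one-line reason, for example `# loose rpfilter, presumably for Tailscale exit-node/subnet routing`. The enclosing attribute set starts and ends outside the hunk.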
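Review bot: `port = 41641;` in the new `tailscale` block restates what I believe is the module's default, and its only visible use is to feed `allowedUDPPorts` in the firewall block of the previous hunk; `services.tailscale.openFirewall = true;` would open that UDP port from the module itself and keep the rule next to the service it belongs to. If the explicit port stays, a short comment such as `# pinned so networking.firewall can reference it` records why it is there. The `services` set starts before and continues past this hunk, so whether other services in it (the `adguardhome` block begins in the trailing context) are meant to be reachable from the trusted interface cannot be judged from here.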