From 72c617619cc02b68b148daeb4cbab95eb7a78c77 Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Sat, 24 Aug 2024 01:07:27 -0400
Subject: [PATCH] little firewalls everywhere

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
---
 modules/base.nix                     | 2 ++
 modules/openssh.nix                  | 1 +
 systems/palatine-hill/networking.nix | 1 -
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/base.nix b/modules/base.nix
index d9882ba..e1e6793 100644
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -33,4 +33,6 @@
       };
     };
   };
+
+  firewall.enable = lib.mkDefault true;
 }
diff --git a/modules/openssh.nix b/modules/openssh.nix
index d05b702..ca49822 100644
--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -2,6 +2,7 @@
 {
   services.openssh = {
     enable = lib.mkDefault true;
+    openFirewall = lib.mkDefault true;
     fixPermissions = true;
     extraConfig = "StreamLocalBindUnlink yes";
 
diff --git a/systems/palatine-hill/networking.nix b/systems/palatine-hill/networking.nix
index 56556d7..7e8789f 100644
--- a/systems/palatine-hill/networking.nix
+++ b/systems/palatine-hill/networking.nix
@@ -9,7 +9,6 @@
 
   networking = {
     hostId = "dc2f9781";
-    firewall.enable = false;
   };
 
   systemd.network = {