From 8449f701a461365ecede2eba4145d0df294ac049 Mon Sep 17 00:00:00 2001
From: Daniel Langbein <daniel@systemli.org>
Date: Wed, 20 Sep 2023 15:38:13 +0200
Subject: [PATCH] refactor

---
 modules/base.nix | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/modules/base.nix b/modules/base.nix
index 8e4c0ca..96f5eb8 100644
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -119,13 +119,10 @@
 
   nix.settings.auto-optimise-store = true;
 
-  # Firewall
-  #
-  # Open ports in the firewall.
-  #networking.firewall.allowedTCPPorts = [ ... ];
-  #networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  #networking.firewall.enable = false;
+  # Firewall.
+  # https://nixos.wiki/wiki/Firewall
+  # -> Firewall rules may be overwritten by docker, as per https://github.com/NixOS/nixpkgs/issues/111852
+  networking.firewall.enable = true;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions