From 857e7b6a07166a6c8ae18e60d1a010fafc708182 Mon Sep 17 00:00:00 2001
From: Nolan Darilek <nolan@thewordnerd.info>
Date: Mon, 23 Dec 2024 11:30:37 -0600
Subject: [PATCH] Don't automatically open firewall for Caddy.

---
 hosts/hub/default.nix | 5 +++++
 roles/caddy.nix       | 4 ----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/hosts/hub/default.nix b/hosts/hub/default.nix
index 5dd8bd9..59f0a96 100644
--- a/hosts/hub/default.nix
+++ b/hosts/hub/default.nix
@@ -109,6 +109,11 @@
     };
   };
 
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
   services.caddy.virtualHosts."users.thewordnerd.info".extraConfig =
     ''reverse_proxy localhost:17170'';
 
diff --git a/roles/caddy.nix b/roles/caddy.nix
index 23aa2dd..0a7e5fe 100644
--- a/roles/caddy.nix
+++ b/roles/caddy.nix
@@ -6,10 +6,6 @@
     package = pkgs.callPackage ../pkgs/caddy.nix { };
     email = "nolan@thewordnerd.info";
   };
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
   age.secrets.tsAuthKey = {
     file = ../secrets/ts_auth_key.age;
     owner = config.services.caddy.user;