From 70ba12dff62899277267d8c771b6908b03ee445d Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kj@orbekk.com>
Date: Tue, 30 Jan 2024 19:38:17 -0500
Subject: update

---
 machines/firelink.nix | 13 -------------
 machines/tiny1.nix    |  4 ++--
 2 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/machines/firelink.nix b/machines/firelink.nix
index 1e93c6b..b2af988 100644
--- a/machines/firelink.nix
+++ b/machines/firelink.nix
@@ -11,7 +11,6 @@ in {
   orbekk.builder.enableRemoteBuilds = true;
   orbekk.rtc-wakeup.enable = true;
   orbekk.vpn.enable = true;
-  # orbekk.pms7003-exporter.enable = false;
 
   # Don't run gc on startup.
   nix.gc.persistent = false;
@@ -24,18 +23,6 @@ in {
 
   systemd.watchdog.runtimeTime = "30s";
   services.fwupd.enable = true;
-  orbekk.simple-firewall.allowedTCPPorts = [
-    69
-    22
-    aliases.services.prometheus-pms7003-exporter.port
-    "1714-1764"
-  ];
-  orbekk.simple-firewall.allowedUDPPorts = [
-    # avahi
-    5353
-    69
-    "1714-1764"
-  ];
 
   environment.systemPackages = with pkgs; [
     # minecraft
diff --git a/machines/tiny1.nix b/machines/tiny1.nix
index 1ca2837..8290879 100644
--- a/machines/tiny1.nix
+++ b/machines/tiny1.nix
@@ -3,9 +3,8 @@
 {
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
-  orbekk.simple-firewall.enable = true;
-  orbekk.simple-firewall.allowedTCPPorts = [ 22 ];
   orbekk.vpn.enable = true;
+  networking.firewall.enable = true;
 
   nix.gc.automatic = true;
   nix.gc.options = "--delete-older-than 14d";
@@ -15,6 +14,7 @@
   networking.interfaces.ens3.useDHCP = true;
 
   services.openssh.enable = true;
+  services.openssh.openFirewall = true;
 
   users.users.root.initialHashedPassword = "";
   users.users.root.openssh.authorizedKeys.keys = [
-- 
cgit v1.2.3