From 7443b4290428e003300ab6070e577c2e9ae1771b Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Fri, 10 Feb 2023 11:43:18 -0600
Subject: sys/nspawn: open dmz ports on firewall

---
 sys/nspawn.nix | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'sys/nspawn.nix')

diff --git a/sys/nspawn.nix b/sys/nspawn.nix
index 6f1558c..2f23cff 100644
--- a/sys/nspawn.nix
+++ b/sys/nspawn.nix
@@ -122,9 +122,13 @@ in
       };
     };
 
-    networking.firewall.interfaces.ve-dmz = {
-      allowedTCPPorts = [ cfg.mailHost.saslPort cfg.mailHost.lmtpPort ];
-      allowedUDPPorts = [ 67 ]; # DHCP
+    networking.firewall = {
+      allowedTCPPorts = [ 25 80 143 443 587 ];
+
+      interfaces.ve-dmz = {
+        allowedTCPPorts = [ cfg.mailHost.saslPort cfg.mailHost.lmtpPort ];
+        allowedUDPPorts = [ 67 ]; # DHCP
+      };
     };
   };
 }
-- 
cgit v1.2.3