From 55b043c80d9e84e02c32761fa300994a9447ae74 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 8 May 2022 00:15:50 +0000
Subject: [PATCH] config/net: re-enable the firewall now that SMTP is operational
---
 config/net.nix | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/config/net.nix b/config/net.nix
index fa7607af..6d24eb61 100644
--- a/config/net.nix
+++ b/config/net.nix
@@ -3,11 +3,19 @@
 {
 networking.domain = "uninsane.org";
- networking.firewall.enable = false;
- # networking.firewall.enable = true;
- # networking.firewall.allowedTCPPorts = [ 25 80 143 443 993 ];
- # # DLNA ports: https://jellyfin.org/docs/general/networking/index.html
- # networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+ # networking.firewall.enable = false;
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ 25 # SMTP
+ 80 # HTTP
+ 143 # IMAP
+ 443 # HTTPS
+ 465 # SMTPS (maybe not required?)
+ 587 # SMTPS/submission (maybe not required?)
+ 993 # IMAPS
+ ];
+ # DLNA ports: https://jellyfin.org/docs/general/networking/index.html
+ networking.firewall.allowedUDPPorts = [ 1900 7359 ];
 # we need to use externally-visible nameservers in order for VPNs to be able to resolve hosts.
 networking.nameservers = [
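Review bot: The UDP ports in `allowedUDPPorts` (1900 and 7359, DLNA/SSDP discovery) and the TCP ports commented "maybe not required?" (465, 587) are opened on every interface, so the re-enabled firewall still exposes more than the visible services are known to need. Discovery traffic is meant for the local network, and an SSDP responder reachable from the internet is a well-known reflection source; if this host has a public interface (the mail ports suggest it does), scope the rule with `networking.firewall.interfaces.<lan-iface>.allowedUDPPorts = [ 1900 7359 ];`, where `<lan-iface>` is a placeholder for the internal interface name. I would leave 465 and 587 out of `allowedTCPPorts` until a listener is confirmed on them, and note next to 143 whether cleartext login is refused before STARTTLS. The commented-out `# networking.firewall.enable = false;` on the first added line is better deleted, so the firewall cannot be switched off again by a stray uncomment. The enclosing attribute set starts before the hunk and continues past it.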