modularized firewall logic

2025-09-27 17:44:01 -06:00
parent 3d3f49aeec
commit 99574c9b66
27 changed files with 31 additions and 56 deletions
--- a/modules/servers/vaultwarden.nix
+++ b/modules/servers/vaultwarden.nix
@@ -11,7 +11,6 @@ in
 {
  options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
  config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
-    networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
    sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; };
    services = {
      vaultwarden = lib.mkIf cfg.enable {