From fe93f796a6babce139abad5f72c6713ede425c02 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Fri, 21 Apr 2023 00:53:25 +0100
Subject: [PATCH] fix: centralise the ports

---
 applications/dns.nix | 5 +++++
 machines/_base.nix | 3 +++
 machines/vendetta.nix | 5 -----
 machines/vigil.nix | 7 -------
 4 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/applications/dns.nix b/applications/dns.nix
index c763b72..85a0cf5 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -67,6 +67,11 @@ in {
 group = "named";
 };
+ networking.firewall = {
+ allowedTCPPorts = [53];
+ allowedUDPPorts = [53];
+ };
+
 services.bind = {
 enable = true;
diff --git a/machines/_base.nix b/machines/_base.nix
index 268a681..449925a 100644
--- a/machines/_base.nix
+++ b/machines/_base.nix
@@ -26,6 +26,9 @@
 networking = {
+ # every sever needs to be accessable over ssh for admin use at least
+ firewall.allowedTCPPorts = [22];
+
 # explisitly stating this is good
 defaultGateway = "193.1.99.65";
diff --git a/machines/vendetta.nix b/machines/vendetta.nix
index a0f53f3..cb47619 100644
--- a/machines/vendetta.nix
+++ b/machines/vendetta.nix
@@ -50,11 +50,6 @@ in {
 ];
 };
 };
-
- firewall = {
- allowedTCPPorts = [22 53];
- allowedUDPPorts = [53];
- };
 };
 # open the firewall for this
diff --git a/machines/vigil.nix b/machines/vigil.nix
index 0e68887..667527b 100644
--- a/machines/vigil.nix
+++ b/machines/vigil.nix
@@ -34,13 +34,6 @@ in {
 tags = [ "active" "dns" ];
 };
- networking = {
- firewall = {
- allowedTCPPorts = [22 53];
- allowedUDPPorts = [53];
- };
- };
-
 # open the firewall for this
 skynet_firewall.forward = [
 "ip daddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
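Review bot: The new `networking.firewall` block in applications/dns.nix opens 53/tcp and 53/udp on every host that imports this module and carries no comment linking it to the `services.bind` block below, so a reader comparing it with the removed per-host blocks may think 22 was dropped, when NixOS merges list-typed firewall options across modules and machines/_base.nix still contributes 22. I'd add `# merged with the base module's [22]; bind needs both TCP (zone transfers, truncated answers) and UDP` above the block. If this module can be imported on a host where bind is disabled, wrapping the block in `lib.mkIf config.services.bind.enable` would keep 53 closed there; whether `lib` and `config` are arguments of this module is outside the hunk, and the enclosing attribute set continues past it.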
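Review bot: The new comment in machines/_base.nix has two typos and the hard-coded 22 below it duplicates what the openssh module already does: `# every server needs to be accessible over ssh for admin use at least`. In NixOS `services.openssh.openFirewall` defaults to true and opens whatever `services.openssh.ports` holds, so if openssh is enabled in _base.nix or a module it imports this line is redundant, and if the port is ever moved off 22 the two values will drift. `firewall.allowedTCPPorts = config.services.openssh.ports;` would track the real value, assuming `config` is a module argument here, which is not visible in the hunk. The enclosing `networking = {` set continues outside the hunk.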