From 27c2541c3d2b410d5b7eb0af744c93c859181ba5 Mon Sep 17 00:00:00 2001
From: Caroline Larimore <caroline@larimo.re>
Date: Tue, 6 May 2025 16:44:57 -0700
Subject: copenhagen: move web firewall config to top level module

---
 modules/nixos/services/web/default.nix            | 2 ++
 modules/nixos/services/web/images/default.nix     | 2 --
 modules/nixos/services/web/landing/default.nix    | 2 --
 modules/nixos/services/web/personal/default.nix   | 2 --
 modules/nixos/services/web/stargazers/default.nix | 2 --
 modules/nixos/services/web/status/default.nix     | 2 --
 6 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/modules/nixos/services/web/default.nix b/modules/nixos/services/web/default.nix
index 1e1e854..cc9395c 100644
--- a/modules/nixos/services/web/default.nix
+++ b/modules/nixos/services/web/default.nix
@@ -15,6 +15,8 @@ in {
       ];
     };
 
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
     security.acme = {
       acceptTerms = true;
       defaults.email = "caroline@larimo.re";
diff --git a/modules/nixos/services/web/images/default.nix b/modules/nixos/services/web/images/default.nix
index b1c44e6..ceb5b50 100644
--- a/modules/nixos/services/web/images/default.nix
+++ b/modules/nixos/services/web/images/default.nix
@@ -16,8 +16,6 @@ in {
         "/srv/web/images"
       ];
     };
-
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
     
     services.nginx = {
       enable = true;
diff --git a/modules/nixos/services/web/landing/default.nix b/modules/nixos/services/web/landing/default.nix
index fe9e92b..c26d059 100644
--- a/modules/nixos/services/web/landing/default.nix
+++ b/modules/nixos/services/web/landing/default.nix
@@ -16,8 +16,6 @@ in {
         "/srv/web/landing"
       ];
     };
-
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
     
     services.nginx = {
       enable = true;
diff --git a/modules/nixos/services/web/personal/default.nix b/modules/nixos/services/web/personal/default.nix
index 6a86447..e064d61 100644
--- a/modules/nixos/services/web/personal/default.nix
+++ b/modules/nixos/services/web/personal/default.nix
@@ -10,8 +10,6 @@ in {
 
   config = mkIf cfg.enable {
     cxl.services.web.enable = true;
-
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
     
     services.nginx = {
       enable = true;
diff --git a/modules/nixos/services/web/stargazers/default.nix b/modules/nixos/services/web/stargazers/default.nix
index 3e9b46e..2a7babe 100644
--- a/modules/nixos/services/web/stargazers/default.nix
+++ b/modules/nixos/services/web/stargazers/default.nix
@@ -16,8 +16,6 @@ in {
         "/srv/web/stargazers"
       ];
     };
-
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
     
     services.nginx = {
       enable = true;
diff --git a/modules/nixos/services/web/status/default.nix b/modules/nixos/services/web/status/default.nix
index b5a949f..10cdcfb 100644
--- a/modules/nixos/services/web/status/default.nix
+++ b/modules/nixos/services/web/status/default.nix
@@ -16,8 +16,6 @@ in {
         "/srv/web/status"
       ];
     };
-
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
     
     services.nginx = {
       enable = true;
-- 
cgit v1.2.3