system-nix/configuration.nix

@@ -91,19 +91,9 @@ with lib;
   # inherit networking;
   networking = networking // {
     firewall = {
-      trustedInterfaces = networking.firewall.trustedInterfaces or [ ] ++ [
+      trustedInterfaces = networking.firewall.trustedInterfaces or [] ++ [ "tailscale0" ];
-        "tailscale0"
+      allowedUDPPorts = networking.firewall.allowedUDPPorts or [] ++ [ config.services.tailscale.port ];
-      ];
+      allowedTCPPorts = networking.firewall.allowedTCPPorts or [] ++ [ 22 ];
-      allowedUDPPorts = networking.firewall.allowedUDPPorts or [ ] ++ [
-        config.services.tailscale.port
-      ];
-      allowedTCPPorts = networking.firewall.allowedTCPPorts or [ ] ++ [
-        22
-      ];
-      allowedUDPPortRanges = networking.firewall.allowedUDPPortRanges or [ ] ++ [
-        { from = 60000; to = 61000; } # mosh
-
-      ];
     };
   };
 

system-nix/flake.nix

@@ -17,10 +17,6 @@
         specialArgs = {
           # includeHardware = false;
           hostname = "Felia";
-          services.openssh = {
-            permitRootLogin = "no";
-            enable = true;
-          };
         };
       };
       # Generic machine
@@ -87,6 +83,8 @@
               prefixLength = 24;
             }];
             firewall.enable = true;
+            firewall.allowedTCPPorts = [ 22 ];
+            firewall.allowedUDPPorts = lib.range 60000 61000; # mosh
             useDHCP = false;
             interfaces.eth0.useDHCP = true;
           };