simplify firewall config

hetzner-vpn1.nix

@@ -9,7 +9,6 @@
   config = {
     my = {
       enabledUsers = [];
-      server.enable = true;
       tailscale.enable = true;
     };
 
@@ -64,15 +63,6 @@
       };
     };
 
-    networking.firewall = {
+    networking.firewall.allowedTCPPorts = [80 443];
-      checkReversePath = "loose";
-      allowedTCPPortRanges = [
-        {
-          from = 5000;
-          to = 5005;
-        }
-      ];
-      allowedTCPPorts = [80 443];
-    };
   };
 }

modules/default.nix

@@ -4,7 +4,6 @@ modulesCfg: {lib, ...}: {
       ./i18n.nix
       ./nixpkgs.nix
       ./globalinstalls.nix
-      ./server.nix
       ./sshd.nix
       ./tailscale.nix
       ./buildtools.nix
@@ -17,5 +16,10 @@ modulesCfg: {lib, ...}: {
 
   config = {
     my.modulesCfg = modulesCfg;
+
+    networking.firewall = {
+      enable = true;
+      checkReversePath = "loose";
+    };
   };
 }

modules/desktop/default.nix

@@ -59,7 +59,6 @@ in {
       networkmanager.enable = true;
 
       firewall = {
-        enable = true;
         allowedTCPPortRanges = [
           {
             # KDE Connect / gsconnect

modules/desktop/gaming.nix

@@ -41,12 +41,9 @@ in {
       };
     };
 
-    networking.firewall.allowedUDPPortRanges = [
+    networking.firewall.allowedUDPPorts = [
-      {
       # Factorio
-        from = 34197;
+      34197
-        to = 34197;
-      }
     ];
 
     my.allowUnfreePackages = [

modules/server.nix

@@ -1,20 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  cfg = config.my.server;
-in {
-  options.my.server = {
-    enable = lib.mkEnableOption "server role";
-  };
-
-  config = lib.mkIf cfg.enable {
-    networking.firewall = {
-      enable = true;
-      allowedTCPPortRanges = [
-      ];
-    };
-  };
-}