From 8dcb19b7ae25d7b61f0fd265cc79536fe4f53543 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 24 Aug 2025 18:55:35 -0700
Subject: open firewall ports for forgejo and keycloak

---
 machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix  | 2 ++
 machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix | 2 ++
 2 files changed, 4 insertions(+)

(limited to 'machines/nixos/x86_64-linux')

diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
index ddaf218..18d6207 100644
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
@@ -11,6 +11,8 @@ let
   '';
 in
 {
+  networking.firewall.allowedTCPPorts = [ 3000 ];
+
   age.secrets.forgejo-fastmail = {
     file = "${self}/secrets/forgejo-fastmail.age";
   };
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
index fc1fe2d..b6fb6c3 100644
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/profiles/keycloak.nix
@@ -4,6 +4,8 @@
     file = "${self}/secrets/keycloak-db-password.age";
   };
 
+  networking.firewall.allowedTCPPorts = [ 8080 ];
+
   services.keycloak = {
     enable = true;
     database.passwordFile = config.age.secrets.keycloak-db-password.path;
-- 
cgit v1.2.3