security improvements among other things

modules/default.nix

@@ -6,5 +6,6 @@
     ./neovim.nix
     ./zsh.nix
     ./flatpak.nix
+    ./firewall.nix
   ];
 }

modules/desktop/networking.nix

@@ -4,17 +4,6 @@
   config = {
     networking = {
       networkmanager.wifi.backend = "iwd";
-      firewall = {
-        allowedTCPPorts = [ 
-          8384 
-          22000 
-        ];
-        allowedUDPPorts = [ 
-          8080 
-          22000 
-          21027 
-        ];
-      };
       extraHosts = ''
         127.0.0.1 www.youtube.com
         127.0.0.1 www.reddit.com

modules/firewall.nix

@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+  config = {
+    networking = {
+      firewall = {
+        enable = true;
+        allowedTCPPorts = [ 
+          # ssh
+          22
+
+          # http, https
+          80 443
+
+          # syncthing web ui
+          8384
+
+          # syncthing
+          22000 
+
+          # mumble
+          64738
+        ];
+        allowedUDPPorts = [ 
+          8080 
+
+          # other 
+          12333
+
+          # syncthing discovery
+          21027 
+
+          # mumble 
+          64738
+        ];
+      };
+    };
+  };
+}