From bf69e4701ea546c1e08a05ac927e46f67dc0b204 Mon Sep 17 00:00:00 2001
From: Yan Lin <github@yanlincs.com>
Date: Wed, 10 Sep 2025 19:15:06 +0200
Subject: [PATCH] Edit firewall config for wireguard

---
 hosts/nixos/vps/system.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/nixos/vps/system.nix b/hosts/nixos/vps/system.nix
index 3cea085..6bc0e31 100644
--- a/hosts/nixos/vps/system.nix
+++ b/hosts/nixos/vps/system.nix
@@ -26,7 +26,8 @@
     useDHCP = true; # VPS typically use DHCP
     firewall = {
       enable = true;
-      allowedTCPPorts = [ 22 80 443 ]; # Only SSH by default
+      allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS
+      trustedInterfaces = [ "wg0" ]; # Allow all traffic through WireGuard interface
     };
   };