From 1ebbd79e6bda0258c50e0b823e9a3dfd54303820 Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige@mcwhirter.io>
Date: Tue, 2 Jul 2019 13:04:55 +1000
Subject: [PATCH] Added firewall rules

---
 Networks/Linode.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Networks/Linode.nix b/Networks/Linode.nix
index 73439ad..e31d15e 100644
--- a/Networks/Linode.nix
+++ b/Networks/Linode.nix
@@ -1,4 +1,4 @@
-# NixOps configuration for the Raspberry Pi 3B Rack
+# NixOps configuration for the Linode VMs
 
 {
   network = {
@@ -18,6 +18,13 @@
       config = "x86_64-unknown-linux-gnu";
       allowUnfree = true;
     };
+
+    # Configure firewall defaults:
+    networking.firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 ];
+      trustedInterfaces = [ "lo" ];
+    };
   };
 
   cuallaidh =