From 0a331fb4aee636bc4a2f058f20219601ddeb92ff Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra
Date: Mon, 4 Aug 2025 10:34:50 +0200
Subject: [PATCH] plug hole in firewall format
---
 machines/dev/fedi203/woodpecker.nix | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 913cfc1f..52f016b0 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -203,14 +203,20 @@
 networking = {
 nftables.enable = lib.mkForce false;
+ firewall = {
+ allowedTCPPorts = [
+ 22
+ 80
+ 443
+ ];
+ # needed for podman to be able to talk over dns
+ interfaces."podman0" = {
+ allowedUDPPorts = [ 53 ];
+ allowedTCPPorts = [ 53 ];
+ };
+ };
 };
- networking.firewall.allowedTCPPorts = [
- 22
- 80
- 443
- ];
-
 virtualisation.podman = {
 enable = true;
 autoPrune = {
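Review bot: The new `interfaces."podman0"` rule opens 53/udp and 53/tcp on the host to every container attached to that bridge, and the comment above it does not say which listener is meant or that the narrow scope is deliberate. Since this file configures a Woodpecker host, those containers presumably run CI jobs, so I would record the intent in place, e.g. `# containers on podman0 resolve names via the host-side DNS listener; keep 53 scoped to this interface, never in the global allowedTCPPorts/allowedUDPPorts`. The rule also matches only the literal name `podman0`, so containers on any other podman network would still be blocked from DNS. Whether such networks exist depends on the `virtualisation.podman` settings, which continue outside the hunk.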