From d6ed76ace5e881eed869e300785863ff8b35335e Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 4 Aug 2025 10:34:50 +0200
Subject: [PATCH] plug hole in firewall

---
 machines/dev/fedi203/woodpecker.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/machines/dev/fedi203/woodpecker.nix b/machines/dev/fedi203/woodpecker.nix
index 8fd9da78..4b3415df 100644
--- a/machines/dev/fedi203/woodpecker.nix
+++ b/machines/dev/fedi203/woodpecker.nix
@@ -275,6 +275,12 @@
     443
   ];
 
+  # This is needed for podman to be able to talk over dns
+  networking.firewall.interfaces."podman0" = {
+    allowedUDPPorts = [ 53 ];
+    allowedTCPPorts = [ 53 ];
+  };
+
   virtualisation.podman = {
     enable = true;
     autoPrune = {