From ad158b2814662adda2def6d8d992e9c738d8959f Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Tue, 18 Feb 2025 14:33:29 +0100
Subject: [PATCH] chore: add 443 UDP to firewall for QUIC

---
 hosts/sentinel/default.nix      | 3 +++
 hosts/ward/guests/web-proxy.nix | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/hosts/sentinel/default.nix b/hosts/sentinel/default.nix
index d016e0b..810ae96 100644
--- a/hosts/sentinel/default.nix
+++ b/hosts/sentinel/default.nix
@@ -26,6 +26,9 @@
     80
     443
   ];
+  wireguard.proxy-sentinel.firewallRuleForAll.allowedUDPPorts = [
+    443
+  ];
 
   users.groups.acme.members = [ "nginx" ];
   services.nginx.enable = true;
diff --git a/hosts/ward/guests/web-proxy.nix b/hosts/ward/guests/web-proxy.nix
index f88d3c0..96958f5 100644
--- a/hosts/ward/guests/web-proxy.nix
+++ b/hosts/ward/guests/web-proxy.nix
@@ -16,6 +16,9 @@ in
       80
       443
     ];
+    firewallRuleForAll.allowedUDPPorts = [
+      443
+    ];
   };
 
   # This node shall monitor the infrastructure