Docker: Move firewall settings because it's force enabled by Docker to the docker.nix

nix-os/core.nix

@@ -115,12 +115,8 @@
     '';
   };
 
-  networking.firewall = {
-    enable = true;
-    # "Disable" firewall because of docker
-    allowedTCPPortRanges = [{ from = 0; to = 65535;}];
-    allowedUDPPortRanges = [{ from = 0; to = 65535;}];
-  };
+  # Disable firewall
+  networking.firewall.enable = false;
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

nix-os/docker.nix

@@ -27,4 +27,14 @@
   config.environment.systemPackages = with pkgs; [
     docker-compose
   ];
+
+  # Docker enables firewall anyway, let's enable the firewall for it if it's disabled
+  # TODO: Apply only when config.networking.firewall is false
+  config.networking.firewall = {
+    enable = lib.mkOverride 90 true;
+    allowedTCPPorts = lib.mkOverride 90 [];
+    allowedUDPPorts = lib.mkOverride 90 [];
+    allowedTCPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
+    allowedUDPPortRanges = lib.mkOverride 90 [{ from = 0; to = 65535;}];
+  };
 }