Tighte up firewall rules

This got a bit out of hand so I cleaned it up

1 files changed, 10 insertions, 15 deletions

diff --git a/configuration.nix b/configuration.nix
index d0575fe..f98df5c 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -123,22 +123,11 @@
   networking.firewall.enable = true;
   networking.firewall.checkReversePath = "loose";
   networking.firewall.allowedTCPPorts = [
-    548
-    6789
-    8989
-    5050
-    8112
-    2049
-    445
-    139
-    8096
-    7878
-    6595
-    80
-    443
-    3000
+    6789 # nzbget
+    6595 # deemix
+    548  # AFP
+    80   # nginx
   ];
-  networking.firewall.allowedUDPPorts = [ 137 138 53 ];
   networking.firewall.allowPing = true;
 
   services.cron = {
@@ -166,6 +155,7 @@
       };
 
       avahi = {
+        openFirewall = true;
         enable = true;
         nssmdns = true;
 
@@ -179,6 +169,7 @@
   services.samba = {
     enable = true;
     securityType = "user";
+    openFirewall = true;
     extraConfig = ''
       server role = standalone server
       workgroup = WORKGROUP
@@ -264,14 +255,18 @@
   services.deluge.enable = true;
   services.deluge.group = "media";
   services.deluge.web.enable = true;
+  services.deluge.web.openFirewall = true;
 
   services.radarr.enable = true;
   services.radarr.group = "media";
+  services.radarr.openFirewall = true;
 
   services.sonarr.enable = true;
   services.sonarr.group = "media";
+  services.sonarr.openFirewall = true;
 
   services.jellyfin.enable = true;
+  services.jellyfin.openFirewall = true;
 
   services.plex = let
       master = import