diff options
author | Nick Van Doorn <nick@nvandoorn.com> | 2023-06-07 21:44:05 +0000 |
---|---|---|
committer | Nick Van Doorn <nick@nvandoorn.com> | 2023-06-07 21:44:05 +0000 |
commit | a64770c19256974617a0d4ebf01819245f9dfe79 (patch) | |
tree | fad903346b2de1aa7fe779ec28e500272bd0a366 | |
parent | 8dde44513af4f0c7cc42fa0caf17c0cbac4de8e0 (diff) |
Tighte up firewall rules
This got a bit out of hand so I cleaned it up
-rw-r--r-- | configuration.nix | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/configuration.nix b/configuration.nix index d0575fe..f98df5c 100644 --- a/configuration.nix +++ b/configuration.nix @@ -123,22 +123,11 @@ networking.firewall.enable = true; networking.firewall.checkReversePath = "loose"; networking.firewall.allowedTCPPorts = [ - 548 - 6789 - 8989 - 5050 - 8112 - 2049 - 445 - 139 - 8096 - 7878 - 6595 - 80 - 443 - 3000 + 6789 # nzbget + 6595 # deemix + 548 # AFP + 80 # nginx ]; - networking.firewall.allowedUDPPorts = [ 137 138 53 ]; networking.firewall.allowPing = true; services.cron = { @@ -166,6 +155,7 @@ }; avahi = { + openFirewall = true; enable = true; nssmdns = true; @@ -179,6 +169,7 @@ services.samba = { enable = true; securityType = "user"; + openFirewall = true; extraConfig = '' server role = standalone server workgroup = WORKGROUP @@ -264,14 +255,18 @@ services.deluge.enable = true; services.deluge.group = "media"; services.deluge.web.enable = true; + services.deluge.web.openFirewall = true; services.radarr.enable = true; services.radarr.group = "media"; + services.radarr.openFirewall = true; services.sonarr.enable = true; services.sonarr.group = "media"; + services.sonarr.openFirewall = true; services.jellyfin.enable = true; + services.jellyfin.openFirewall = true; services.plex = let master = import |