fireall + enabled services on miniserver

2024-06-15 00:50:28 -06:00 · 2024-06-15 00:50:28 -06:00 · e726ebedc1
commit e726ebedc1
parent fbf81f60ce
2 changed files with 27 additions and 26 deletions
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@ -28,50 +28,43 @@
    servers = {
      jellyfin = {
        enable = true;
-        enableCron = true;
+        enableCron = false;
      };
      nextcloud = {
        enable = true;
        enableCron = true;
      };
-      adguardhome.enable = true;
-      audiobookshelf.enable = true;
-      bazarr.enable = true;
-      collabora.enable = true;
+      adguardhome.enable = false;
+      audiobookshelf.enable = false;
+      bazarr.enable = false;
+      collabora.enable = false;
      flame.enable = true;
      flameSecret.enable = true;
-      go-vod.enable = true;
-      kavita.enable = true;
-      lidarr.enable = true;
+      go-vod.enable = false;
+      kavita.enable = false;
+      lidarr.enable = false;
      maloja.enable = true;
      mealie.enable = true;
-      metube.enable = true;
+      metube.enable = false;
      microbin.enable = true;
      multi-scrobbler.enable = true;
      paperless.enable = true;
      postgres.enable = true;
-      prowlarr.enable = true;
-      qbittorrent.enable = true;
-      radarr.enable = true;
-      ryot.enable = true;
+      prowlarr.enable = false;
+      qbittorrent.enable = false;
+      radarr.enable = false;
+      ryot.enable = false;
      shiori.enable = true;
-      sonarr.enable = true;
+      sonarr.enable = false;
      vaultwarden.enable = true;
    };
  };
  fonts.fontconfig.enable = true;
  networking = {
    hostName = "miniserver";
-    firewall = let
-      open_firewall_ports = [
-        51413 # torrent sedding
-        9091 # qbittorrent
-        2049 # nfs
-      ];
-    in {
-      allowPing = true;
-      allowedTCPPorts = open_firewall_ports;
-      allowedUDPPorts = open_firewall_ports;
+    firewall = {
+      allowedTCPPorts = [ 2049 ];
+      allowedUDPPorts = [ 2049 ];
    };
  };
  nix = let
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@ -1,4 +1,8 @@
-{ lib, config, pkgs, proxyReverse, ... }: {
+{ lib, config, pkgs, proxyReverse, ... }:
+let
+  port = 9091;
+  ports = [ port 51413 ];
+in {
  options.my.servers.qbittorrent.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.servers.qbittorrent.enable {
    systemd = {
@ -49,7 +53,11 @@
    services.nginx = {
      enable = true;
      virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
-        proxyReverse 9091 // { };
+        proxyReverse port // { };
+    };
+    networking.firewall = {
+      allowedTCPPorts = ports;
+      allowedUDPPorts = ports;
    };
  };
 }