fireall + enabled services on miniserver
parent
fbf81f60ce
commit
e726ebedc1
@ -28,50 +28,43 @@
|
|||||||
servers = {
|
servers = {
|
||||||
jellyfin = {
|
jellyfin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableCron = true;
|
enableCron = false;
|
||||||
};
|
};
|
||||||
nextcloud = {
|
nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableCron = true;
|
enableCron = true;
|
||||||
};
|
};
|
||||||
adguardhome.enable = true;
|
adguardhome.enable = false;
|
||||||
audiobookshelf.enable = true;
|
audiobookshelf.enable = false;
|
||||||
bazarr.enable = true;
|
bazarr.enable = false;
|
||||||
collabora.enable = true;
|
collabora.enable = false;
|
||||||
flame.enable = true;
|
flame.enable = true;
|
||||||
flameSecret.enable = true;
|
flameSecret.enable = true;
|
||||||
go-vod.enable = true;
|
go-vod.enable = false;
|
||||||
kavita.enable = true;
|
kavita.enable = false;
|
||||||
lidarr.enable = true;
|
lidarr.enable = false;
|
||||||
maloja.enable = true;
|
maloja.enable = true;
|
||||||
mealie.enable = true;
|
mealie.enable = true;
|
||||||
metube.enable = true;
|
metube.enable = false;
|
||||||
microbin.enable = true;
|
microbin.enable = true;
|
||||||
multi-scrobbler.enable = true;
|
multi-scrobbler.enable = true;
|
||||||
paperless.enable = true;
|
paperless.enable = true;
|
||||||
postgres.enable = true;
|
postgres.enable = true;
|
||||||
prowlarr.enable = true;
|
prowlarr.enable = false;
|
||||||
qbittorrent.enable = true;
|
qbittorrent.enable = false;
|
||||||
radarr.enable = true;
|
radarr.enable = false;
|
||||||
ryot.enable = true;
|
ryot.enable = false;
|
||||||
shiori.enable = true;
|
shiori.enable = true;
|
||||||
sonarr.enable = true;
|
sonarr.enable = false;
|
||||||
vaultwarden.enable = true;
|
vaultwarden.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
fonts.fontconfig.enable = true;
|
fonts.fontconfig.enable = true;
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "miniserver";
|
hostName = "miniserver";
|
||||||
firewall = let
|
firewall = {
|
||||||
open_firewall_ports = [
|
allowedTCPPorts = [ 2049 ];
|
||||||
51413 # torrent sedding
|
allowedUDPPorts = [ 2049 ];
|
||||||
9091 # qbittorrent
|
|
||||||
2049 # nfs
|
|
||||||
];
|
|
||||||
in {
|
|
||||||
allowPing = true;
|
|
||||||
allowedTCPPorts = open_firewall_ports;
|
|
||||||
allowedUDPPorts = open_firewall_ports;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nix = let
|
nix = let
|
||||||
|
|||||||
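Review bot: The new `allowedTCPPorts = [ 2049 ];` and `allowedUDPPorts = [ 2049 ];` under `networking.firewall` open NFS on every interface and on both protocols, with no restriction on where clients connect from. If the export is NFSv4 only, the UDP entry is not needed and can be dropped. If the NFS clients all sit on one network, scoping the rule as `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 2049 ];` (placeholder interface name) keeps the port closed elsewhere. The removed list documented the port with `# nfs`; carrying that comment over to the new line would keep the intent visible.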
@ -1,4 +1,8 @@
|
|||||||
{ lib, config, pkgs, proxyReverse, ... }: {
|
{ lib, config, pkgs, proxyReverse, ... }:
|
||||||
|
let
|
||||||
|
port = 9091;
|
||||||
|
ports = [ port 51413 ];
|
||||||
|
in {
|
||||||
options.my.servers.qbittorrent.enable = lib.mkEnableOption "enable";
|
options.my.servers.qbittorrent.enable = lib.mkEnableOption "enable";
|
||||||
config = lib.mkIf config.my.servers.qbittorrent.enable {
|
config = lib.mkIf config.my.servers.qbittorrent.enable {
|
||||||
systemd = {
|
systemd = {
|
||||||
@ -49,7 +53,11 @@
|
|||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
|
virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
|
||||||
proxyReverse 9091 // { };
|
proxyReverse port // { };
|
||||||
|
};
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = ports;
|
||||||
|
allowedUDPPorts = ports;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
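Review bot: In the last hunk, `ports = [ port 51413 ]` feeds both `allowedTCPPorts` and `allowedUDPPorts`, so the web UI port 9091 is opened directly on the firewall even though the same module already publishes it through the nginx virtual host. `proxyReverse` is defined outside this page, but if it proxies to the local host then only the BitTorrent port needs opening: `allowedTCPPorts = [ 51413 ]; allowedUDPPorts = [ 51413 ];`. Leaving 9091 open lets clients reach the UI without whatever TLS or access control the virtual host adds, and the UDP rule for it serves no purpose. The old list's comments were lost in the move; `51413 # torrent seeding` in the `let` block would restore them.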