Firewall ports named, removed unused services

2022-08-25 15:09:36 +02:00 · 2022-08-25 15:09:36 +02:00 · f2aefa3fb7
commit f2aefa3fb7
parent ad9b9b2e02
1 changed files with 32 additions and 15 deletions
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@ -3,28 +3,45 @@
 with import ./network.nix;

 let
+  # TCP services
+  ssh_tcp = 22;
+  http_tcp = 80;
+  https_tcp = 443;
+  synapse_tcp = 8448;
+  gitea_tcp = 10022;
+  prosody_tcp = 5222; 
+  minecraft_tcp = 25565;
+
+  # UDP services
+  dns_udp = 53;
+  wireguard_udp = 1194;
+  
+  # TCP/UDP services
+  transmission = 51413;
+
+  # grouping
  open_tcp_ports = lib.concatMapStringsSep "," (x: toString x) [
-    22 # ssh
-    80 # http
-    443 # https
-    8448 # matrix
-    10022 # gitea
-    18080 # monero
-    51413 # transmission
+    ssh_tcp
+    http_tcp
+    https_tcp
+    synapse_tcp
+    gitea_tcp
+    transmission
  ];
  open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
-    1194 # wireguard
-    51413 # transmission
+    wireguard_udp
+    transmission
  ];
  open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
-    22
-    80
-    443
-    32400 # plex
+    ssh_tcp
+    http_tcp
+    https_tcp
+    prosody_tcp
+    minecraft_tcp
  ];
  open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
-    53 # dns
-    1194 # vpn
+    dns_udp
+    wireguard_udp
  ];

 in {