From f2aefa3fb70c1badc27a78301e8ac7da592323c5 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale
Date: Thu, 25 Aug 2022 15:09:36 +0200
Subject: [PATCH] Firewall ports named, removed unused services

---
 hosts/architect/firewall.nix | 47 ++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 15 deletions(-)

diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index dc80d8c..dec5933 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -3,28 +3,45 @@ with import ./network.nix;
 let
+  # TCP services
+  ssh_tcp = 22;
+  http_tcp = 80;
+  https_tcp = 443;
+  synapse_tcp = 8448;
+  gitea_tcp = 10022;
+  prosody_tcp = 5222;
+  minecraft_tcp = 25565;
+
+  # UDP services
+  dns_udp = 53;
+  wireguard_udp = 1194;
+
+  # TCP/UDP services
+  transmission = 51413;
+
+  # grouping
   open_tcp_ports = lib.concatMapStringsSep "," (x: toString x) [
-    22 # ssh
-    80 # http
-    443 # https
-    8448 # matrix
-    10022 # gitea
-    18080 # monero
-    51413 # transmission
+    ssh_tcp
+    http_tcp
+    https_tcp
+    synapse_tcp
+    gitea_tcp
+    transmission
   ];
 
   open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
-    1194 # wireguard
-    51413 # transmission
+    wireguard_udp
+    transmission
   ];
 
   open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
-    22
-    80
-    443
-    32400 # plex
+    ssh_tcp
+    http_tcp
+    https_tcp
+    prosody_tcp
+    minecraft_tcp
   ];
 
   open_udp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
-    53 # dns
-    1194 # vpn
+    dns_udp
+    wireguard_udp
   ];
 in {
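Review bot: The `open_tcp_ports_vpn` list gains two ports that were not open before, `prosody_tcp` (5222) and `minecraft_tcp` (25565), while the commit title describes the change as naming ports and removing unused services (monero 18080 and plex 32400 are the ones dropped), so the firewall surface is widened by a commit that presents itself as a cleanup. Please either split the new exposures into their own commit or state them in the message, and annotate the two new bindings so the intent survives in the file, e.g. `prosody_tcp = 5222; # XMPP, VPN-side only` and `minecraft_tcp = 25565; # VPN-side only`. Whether the `_vpn` lists really are bound to the tunnel interface only cannot be confirmed here, since the `in { ... }` body that consumes these strings lies outside the hunk. A brief comment above `# grouping` naming which interface each of the four lists is applied to would make later audits of this file much quicker.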