mediaserver: drop no-op firewall rules, close unused DR forwards

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
rope 2026-06-11 10:00:02 +01:00
parent f65675bd80
commit 8dd70a2d9d
12 changed files with 8 additions and 37 deletions

View file

@ -45,8 +45,7 @@
};
};
# LAN DNS — router blocks WAN:53 so this is effectively LAN-only
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
# LAN clients reach :53 via the nftables "LAN trusted" rule in router.nix;
# WAN:53 is dropped there.
};
}

View file

@ -6,7 +6,6 @@
# Bazarr
services.bazarr = {
enable = true;
openFirewall = true; # Opens port 7878
dataDir = "/var/lib/bazarr";
user = "bazarr";
group = "media";

View file

@ -66,7 +66,7 @@ in
};
};
networking.firewall.allowedTCPPorts = [ 2110 2603 2604 2605 2606 ];
networking.firewall.allowedUDPPorts = [ 2110 2603 2604 2605 2606 ];
# WAN forwards for 2110/2603-2606 were removed from ports.toml when this
# service was disabled — re-add them there if this comes back.
};
}

View file

@ -187,8 +187,5 @@
StartLimitIntervalSec = 300;
StartLimitBurst = 5;
};
networking.firewall.allowedTCPPorts = [ 26900 26910 ];
networking.firewall.allowedUDPPorts = [ 26900 26901 26902 26910 26911 26912 ];
};
}

View file

@ -87,7 +87,6 @@ in
services.homepage-dashboard = {
enable = true;
openFirewall = true;
listenPort = 8084;
# Allow access from anywhere on the LAN

View file

@ -5,7 +5,6 @@
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
# Ensure Jellyfin can write thumbnails/artwork to media directories

View file

@ -135,7 +135,5 @@ in
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}

View file

@ -19,7 +19,6 @@
# Prowlarr
services.prowlarr = {
enable = true;
openFirewall = true;
dataDir = "/var/lib/prowlarr";
};
};

View file

@ -6,7 +6,6 @@
# Radarr
services.radarr = {
enable = true;
openFirewall = true; # Opens port 7878
dataDir = "/var/lib/radarr";
user = "radarr";
group = "media";

View file

@ -6,7 +6,6 @@
# Sonarr
services.sonarr = {
enable = true;
openFirewall = true;
dataDir = "/var/lib/sonarr";
user = "sonarr";
group = "media";