fix networking

2023-07-30 09:13:40 +08:00 · 2023-07-30 09:13:40 +08:00 · 4999b71c94
parent 2b9c3b7b4c
commit 4999b71c94
10 changed files with 22 additions and 12 deletions
--- a/nixos/lavender/configuration.nix
+++ b/nixos/lavender/configuration.nix
@ -111,8 +111,20 @@
    networkmanager.enable = true;
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 80 443 32400 32372 ];
-      allowedUDPPorts = [ 80 443 32400 32372 ];
+      allowedTCPPorts = [
+        53    # pihole-FTL  (DNS)
+        80    # traefik     (HTTP)
+        443   # traefik     (HTTPS)
+        32400 # plex
+        32372 # qbittorrent
+      ];
+      allowedUDPPorts = [
+        53    # pihole-FTL  (DNS)
+        80    # traefik     (HTTP)
+        443   # traefik     (HTTPS)
+        32400 # plex
+        32372 # qbittorrent
+      ];
    };
  };
  
--- a/nixos/lavender/containers/homepage/default.nix
+++ b/nixos/lavender/containers/homepage/default.nix
@ -10,7 +10,6 @@
      "/srv/data:/srv/data:ro"
      "/var/run/docker.sock:/var/run/docker.sock" # pass local proxy
    ];
-    ports = [ "3000:3000" ];
    extraOptions = ["--network=host"];
  };
 }
--- a/nixos/lavender/containers/pihole/default.nix
+++ b/nixos/lavender/containers/pihole/default.nix
@ -11,9 +11,9 @@
      "/srv/containers/pihole/secrets:/secrets"
    ];
    ports = [ 
-      "53:53/tcp"
-      "53:53/udp"
-      "8181:80/tcp"
+      "192.168.1.100:53:53/tcp"   # pihole-FTL (DNS)
+      "192.168.1.100:53:53/udp"   # pihole-FTL (DNS)
+      "192.168.1.100:8181:80/tcp" # lighttpd   (HTTP)
    ];
    environment = {
      WEBPASSWORD_FILE = "/secrets/admin-password";
--- a/nixos/lavender/containers/plex/default.nix
+++ b/nixos/lavender/containers/plex/default.nix
@ -9,7 +9,6 @@
      "/srv/containers/plex:/config"
      "/srv/data/media:/data/media:ro"
    ];
-    ports = [ "32400:32400" ];
    extraOptions = ["--network=host"];
  };
 }
--- a/nixos/lavender/containers/prowlarr/default.nix
+++ b/nixos/lavender/containers/prowlarr/default.nix
@ -10,5 +10,6 @@
      "/srv/data:/data"
    ];
    ports = [ "9696:9696" ];
+    extraOptions = ["--network=media-stack"];
  };
 }
--- a/nixos/lavender/containers/qbittorrent/default.nix
+++ b/nixos/lavender/containers/qbittorrent/default.nix
@ -13,5 +13,6 @@
      "8383:8080"
      "32372:32372"
    ];
+    extraOptions = ["--network=media-stack"];
  };
 }
--- a/nixos/lavender/containers/radarr/default.nix
+++ b/nixos/lavender/containers/radarr/default.nix
@ -10,5 +10,6 @@
      "/srv/data:/data"
    ];
    ports = [ "7878:7878" ];
+    extraOptions = ["--network=media-stack"];
  };
 }
--- a/nixos/lavender/containers/recyclarr/default.nix
+++ b/nixos/lavender/containers/recyclarr/default.nix
@ -8,5 +8,6 @@
    volumes = [
      "/srv/containers/recyclarr:/config"
    ];
+    extraOptions = ["--network=media-stack"];
  };
 }
--- a/nixos/lavender/containers/sonarr/default.nix
+++ b/nixos/lavender/containers/sonarr/default.nix
@ -10,5 +10,6 @@
      "/srv/data:/data"
    ];
    ports = [ "8989:8989" ];
+    extraOptions = ["--network=media-stack"];
  };
 }
--- a/nixos/lavender/containers/traefik/default.nix
+++ b/nixos/lavender/containers/traefik/default.nix
@ -11,11 +11,6 @@
      "/srv/containers/traefik/letsencrypt:/letsencrypt"
      "/srv/containers/traefik/secrets:/secrets"
    ];
-    ports = [
-      "80:80"
-      "443:443"
-      "8080:8080"
-    ];
    environment = {
      CF_API_EMAIL_FILE = "/secrets/cf-api-email";
      CF_API_KEY_FILE = "/secrets/cf-api-key";