diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix index 366673f..0b47f86 100644 --- a/systems/palatine-hill/firewall.nix +++ b/systems/palatine-hill/firewall.nix @@ -1,41 +1,54 @@ { ... }: { - networking.firewall.allowedTCPPorts = [ - # qbit - 8081 - 8082 - 8443 + networking.firewall = { - # hydra - 3000 + extraCommands = " + iptables -I nixos-fw 1 -i br+ -j ACCEPT + "; - # minio - 8500 - 8501 + extraStopCommands = " + iptables -D nixos-fw -i br+ -j ACCEPT + "; - # gitea - 2222 - 2223 - 8088 + trustedInterfaces = [ "br+" ]; - # attic - 8183 + allowedTCPPorts = [ + # qbit + 8081 + 8082 + 8443 - # collabora - 9980 + # hydra + 3000 - # arr - 6767 - 9696 - 7878 - 8989 - 8686 - 8787 - 5055 + # minio + 8500 + 8501 - # temp postgres - 5432 - ]; + # gitea + 2222 + 2223 + 8088 + # attic + 8183 + + # collabora + 9980 + + # arr + 6767 + 9696 + 7878 + 8989 + 8686 + 8787 + 5055 + + # temp postgres + 5432 + ]; + + }; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 4b62a3e..3005b7b 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -27,10 +27,10 @@ docker: protonvpn-start-script: ENC[AES256_GCM,data:ZnlDpCLdILHXSUCI6itWkqO4y75Lwjj7qT1DBkfueLneQOaQ0JhuE2FbOOajkmI046nP9fMrJbu3g4QZHsq1g8yqGU1wb0OOT+eS9+M92Md29B4NnUdwnVAO6/RzvRKXP2tsQ4iprx9An+BEFwZYD6WG6DQc6NjJVSgRcYvfH9rQey2VdwLysNsgFCs8eC6QgikqBpeg4eOIvDDNbdXPKkW+ZPph9xpzGkcFIMwlX5esg0n7qyUoMvWwBn4avC46U5erOw0fNajY60ri9sm5Afht6LZrFal71Hx/K9/5EXBp9dD4teLO2Ew0CQX0i94pKCuR207l9868s7Ao3udLp4wbiLnXoRKq+w==,iv:qR0kNYpb50NXEqSksvHBPAaRG51RKCsSwTq32nosxzo=,tag:+xRQyuWi4Ja/N9lcd11oJA==,type:str] notifiarr: ENC[AES256_GCM,data:XxVEhp4Rei6mRcdSSooRnofuVNZDalVhDYiVUmvQUr8QihrVRMKRE9Kpl5PGWUBw,iv:urMLaUf3XUjMks2vk0E7iRUU3mLHBiMAiwtQgmWQq20=,tag:dHdTOyC/ukd71UlYEI5fWw==,type:str] bazarr: ENC[AES256_GCM,data:x+JdRCl3x3OM3lWmgcWikJSEnh5c5He5HmuLzCGAQ8zUXMi2Z3Kf6LzL+aoqtCBu3rabYZmQSLBoDm9CPkk=,iv:7e+3w46RUD2/OSlwrEe7BRxUqPPdt5+obIjQA8pr3xY=,tag:rHSijp/tcf/SGp5y4kJ0cw==,type:str] - prowlarr: ENC[AES256_GCM,data:AyOaj1nYCxeycBgp5sfNKz3A158FuXVg0DCoLrOE9YnUIAjo+5PW9HMdpCEiK0OfgoMPcUZNZowLYYY0goxwC+4+tB87TnBz2YpXTX8L7YO2JA+g7hA=,iv:IaZxKl5ypdIQ4f4SAHQtaUC20lbYL1b7mptu/FVB6k4=,tag:A9eQI9gG7wkSEPt6Mdg3Zw==,type:str] - radarr: ENC[AES256_GCM,data:vqjqRsDjFm30yMrzWsWC6prYSEUQ+4v0hlDqJ6FS39hNFaGtGAsulUWv9MAJ11xI9CLsjjQUtpQ5KlRkYlHo5FnzeXCpK05ewkhYyqa7NKE=,iv:sKdxA5AtxpFpuiUYpz3NW2Fjc+ZKFmiJqibdQ3P6pVg=,tag:tDlJpApk4g6SYFzyn8Z/HA==,type:str] - sonarr: ENC[AES256_GCM,data:IooG9LDXpdbQcknriSdowPwNv++yfj54mko49rtm4B8IVEV30B5o8iZhGXmSgpLsH9QtP/PmkuczjiiwlPI2QM5iRxpjUz2456a1hi61/uY=,iv:/PagjmFtJgkYKFPmZD5qI8DzdiuUIX8m0lapdZBXUus=,tag:Ppew0fepqgnhvTorwalhEw==,type:str] - lidarr: ENC[AES256_GCM,data:9YtVafa4/SQ78+DJ52emGyLHCWpJpnhc+2DwGBQ0uhFiee7ZRFy+O0kHPPyNly8sgP9UOZt+53D4sAv9S8hOCnJTAbHiNnzTbjQmZtnvgnc=,iv:dlF5wtcphEhg5jxb8YSIF9/2Vj1KY10Vza/OGK1jXRM=,tag:8qmdQjRv30VqRReOzr6UEA==,type:str] + prowlarr: ENC[AES256_GCM,data:fc4Dw6U9IjoDSXIAFNqtsFKZGFSkfiRhc96WyDYZg10KRcASZBEhLUWNSTgA0FnPOu7QINjIdSZrnTUbG7tEU/UfcnHISXiQwlaPzT8R+F/XSJOjSrg=,iv:XQ6WJZHkyzDIMgu1VL3UB//+vVP4xI5ruLf199pOqd4=,tag:Cv2YtzqrmHbn4y2AD4rF2A==,type:str] + radarr: ENC[AES256_GCM,data:gdk15Sj8ZVxxz9dLtBzNTIXtpVxSL4cFm+7PSso4C2p+qucxbRxGYlvJKzi7bnL6fH8cwLh1lGSS+jqFzPa0GhIlW7DvyKywuZqmngSm8ys=,iv:qMTdgb1BqY3ZyGbsk+OhyfSooqducnpRRBioxw4RME0=,tag:0BCneime1bM3gqE5tObm/Q==,type:str] + sonarr: ENC[AES256_GCM,data:lbDFJU8QyMwCt7L4gl1g+ESWix81tyCHOlbSwRM+S1huGo3mpFdabpA+QTOGE7KwUr144uMmNgHXc97RCePELnAWoQmRG6VYP3zITVS5GrU=,iv:jPODdbCExANoiBQrpE+i1AzpIQKucpgQglTKA5qpJsE=,tag:TiXiC4RGfR9xfJJKm/Gp+g==,type:str] + lidarr: ENC[AES256_GCM,data:C1zKtt2oFIZMhGSqdDUcByECrORoboDrMrWxE2Pm0bI60X6fnFhl3x9HTlJlxXnifT+Ec0n+PoKsuTbmIHGIJmjHlj5EHRxteAHpTNP0qC8=,iv:6Nw6CXCuf1kfvTnGx5uZm1hL5rM3JWIM+WQXClkBQBc=,tag:Ym/CBv2zpu6VspUE7ZF8ZA==,type:str] jellyseerr: ENC[AES256_GCM,data:eKZo7Yw6j0qeyHidHu3R+2yZrHOMlM/O2VTY0CF/AUzm21LNO5UDItORoBCJfPvpnbA=,iv:jVJ77jXNwCEPRWKgKP8E7SrxdS0RFa486nq6cMkqvMc=,tag:Bndao3nx18nmJ1yaXLmWIg==,type:str] acme: bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] @@ -50,8 +50,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-24T03:17:22Z" - mac: ENC[AES256_GCM,data:TreH0Z2S91ZyMreMSv0AIFJs1lrOCqTrsKHY2MrU0O+wdJlCdn4ggVGlS9L+oGpZ8fXoUcLdMvc0M3wCFZauM86SVMW+BDiPp93P6JLX8mDlLJPE1tfsw6ueaeKZJIhlbnlLSWHjNBrkybuT11HxXAjJIHav1Jf0S42lIMhq1Tc=,iv:ajcZxYvsMGmauj37MIJjWvzqlLAeqBiPbuqof2suTPU=,tag:7vQ4LnoHTrdUxnmhRgUANA==,type:str] + lastmodified: "2025-12-25T05:59:07Z" + mac: ENC[AES256_GCM,data:+WYmAwItp+NAZk1oyXFj8F7GPQSbzKxam0L1jWLTjbefkCZH7CujGbS/fUEsKz7wKqcti6jq7oRMtd8Qh8lmk0Gj3cn1kduNmRSJfvZP0ZKke8ojv5sW/H4B5fPSsck1ZhEPXzb+Uak7QqrHQQZ1fFdMQqTO7tVHK4q4lYdjQzc=,iv:zHsIIv4jlMZ1yhjISAw1hkgnDHWOqNqxRptgvAWBBhw=,tag:R49lPYiWtADnHkGiCVdffw==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |-