From ae8f633713f657439027d75fc551fb3dcfd9e743 Mon Sep 17 00:00:00 2001 From: Myned <dev@bjork.tech> Date: Wed, 26 Mar 2025 20:51:44 -0500 Subject: [PATCH] firewall: close unnecessary ports --- machines/mynix/default.nix | 2 +- options/custom/containers/adguardhome.nix | 8 ++++---- options/custom/containers/oryx.nix | 2 +- options/custom/containers/owncast.nix | 2 +- options/custom/services/samba.nix | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/machines/mynix/default.nix b/machines/mynix/default.nix index 7ead590..4dd4012 100644 --- a/machines/mynix/default.nix +++ b/machines/mynix/default.nix @@ -24,7 +24,7 @@ settings = { games = { enable = true; - abiotic-factor = true; + #// abiotic-factor = true; }; hardware = { diff --git a/options/custom/containers/adguardhome.nix b/options/custom/containers/adguardhome.nix index a640dab..5ebca69 100644 --- a/options/custom/containers/adguardhome.nix +++ b/options/custom/containers/adguardhome.nix @@ -43,13 +43,13 @@ in { # https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption networking.firewall = { allowedTCPPorts = [ - 53 # DNS - 853 # DNS-over-TLS + #// 53 # DNS + #// 853 # DNS-over-TLS ]; allowedUDPPorts = [ - 53 # DNS - 853 # DNS-over-QUIC + #// 53 # DNS + #// 853 # DNS-over-QUIC ]; }; diff --git a/options/custom/containers/oryx.nix b/options/custom/containers/oryx.nix index d038cdc..05db7e0 100644 --- a/options/custom/containers/oryx.nix +++ b/options/custom/containers/oryx.nix @@ -41,7 +41,7 @@ in { networking.firewall = { allowedTCPPorts = [ - 1935 # RTMP + #// 1935 # RTMP ]; allowedUDPPorts = [ diff --git a/options/custom/containers/owncast.nix b/options/custom/containers/owncast.nix index 31f1a90..581fa41 100644 --- a/options/custom/containers/owncast.nix +++ b/options/custom/containers/owncast.nix @@ -28,7 +28,7 @@ in { networking.firewall = { allowedTCPPorts = [ - 1935 # RTMP + #// 1935 # RTMP ]; }; }; diff --git a/options/custom/services/samba.nix b/options/custom/services/samba.nix index da8117e..1b39abd 100644 --- a/options/custom/services/samba.nix +++ b/options/custom/services/samba.nix @@ -19,7 +19,7 @@ in { enable = true; nmbd.enable = false; nsswins = false; - openFirewall = true; + #// openFirewall = true; # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html settings = {