Move pedro firewall setup to firewall.nix

2022-10-13 08:46:54 -04:00 · 2022-10-13 08:46:54 -04:00 · 947dc6fbd5
commit 947dc6fbd5
parent 8f2f6b45a1
2 changed files with 20 additions and 19 deletions
--- a/machines/pedro/configuration.nix
+++ b/machines/pedro/configuration.nix
@ -67,25 +67,7 @@
        };
      };
    };
-    firewall = {
-      allowedTCPPorts = [
-        8384 22000  # syncthing
-        8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
-        53 8088  # pihole
-        #3000  # gitea
-        #8081  # vaultwarden
-        #8000  # paperless
-        80 443  # reverse proxy
-      ];
-      allowedUDPPorts = [
-        22000 21027  # syncthing
-        3478 5514 10001 1900 123 # unifi
-        53  # pihole
-      ];
-      allowedUDPPortRanges = [
-        { from = 5656; to = 5699; }  # unifi
-      ];
-    };
+    firewall = import ./firewall.nix;
    timeServers = [ "192.168.88.1" ] ++ options.networking.timeServers.default;
  };

--- a/machines/pedro/firewall.nix
+++ b/machines/pedro/firewall.nix
@ -0,0 +1,19 @@
+{
+  allowedTCPPorts = [
+    8384 22000  # syncthing
+    8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
+    53 8088  # pihole
+    #8123  # home-assistant
+    #3000  # gitea
+    #8081  # vaultwarden
+    80 443  # reverse proxy
+  ];
+  allowedUDPPorts = [
+    22000 21027  # syncthing
+    3478 5514 10001 1900 123 # unifi
+    53  # pihole
+  ];
+  allowedUDPPortRanges = [
+    { from = 5656; to = 5699; }  # unifi
+  ];
+}