From 7d64801ae262243d2db14b47006445ff02103f48 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen <menno@vleeuwen.me>
Date: Sat, 16 Nov 2024 01:35:44 +0100
Subject: [PATCH] adds allowedTCPPorts for local network access in docker0
 interface

---
 config/nixos/common/server.nix | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/config/nixos/common/server.nix b/config/nixos/common/server.nix
index d5a0203..9814794 100644
--- a/config/nixos/common/server.nix
+++ b/config/nixos/common/server.nix
@@ -23,14 +23,24 @@
       400 # SSH
       80 # HTTP
       443 # HTTPS
+
       22 # Git over SSH
       32400 # Plex
-
-      7788 # Sabnzbd
-      8085 # Qbittorrent
     ];
     allowedUDPPorts = [
       51820 # WireGuard
     ];
   };
+
+  # Allow local network access only
+  interfaces = {
+    "docker0" = {
+      allowedTCPPorts = [
+        7788 # Sabnzbd
+        8085 # Qbittorrent
+        81 # Nginx Proxy Manager
+        3030 # Gitea
+      ];
+    };
+  };
 }