genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-05-31 07:45:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add dots.ports module: fleet-wide service port registry (nixnuc + hetznix01)

Browse source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Gene Liverman 2026-05-28 22:42:49 -04:00
parent 84a5c695b0
commit 94fdc678e4
No known key found for this signature in database
15 changed files with 353 additions and 135 deletions
Download patch file Download diff file Expand all files Collapse all files

102
modules/hosts/nixos/nixnuc/ports.nix Normal file
View file

@ -0,0 +1,102 @@
{
config.dots.ports = {
# Override global photon default: open the firewall on this host
photon = {
openFirewall = true;
};
# Firewalled TCP services
psitransfer = {
port = 3000;
openFirewall = true;
};
immich-kiosk = {
port = 3001;
openFirewall = true;
};
grafana = {
port = 3002;
openFirewall = true;
};
fireflyiii = {
port = 3005;
openFirewall = true;
};
fireflyiii-importer = {
port = 3006;
openFirewall = true;
};
cup-collector = {
port = 3010;
openFirewall = true;
};
forgejo = {
port = 3030;
openFirewall = true;
};
youtarr = {
port = 3087;
openFirewall = true;
};
tube-archivist = {
port = 8001;
openFirewall = true;
};
syncthing-gui = {
port = 8384;
openFirewall = true;
};
atuin = {
port = 8888;
openFirewall = true;
};
wallabag = {
port = 8090;
openFirewall = true;
};
pocketbase = {
port = 8091;
openFirewall = true;
};
pinchflat = {
port = 8945;
openFirewall = true;
};
audiobookshelf = {
port = 13378;
openFirewall = true;
};
# Internal-only TCP services (proxied via nginx, not firewalled)
pocket-id = {
port = 1411;
};
immich = {
port = 2283;
};
cadvisor = {
port = 8081;
};
victoriametrics = {
port = 8428;
};
jellyfin = {
port = 8096;
};
mealie = {
port = 9000;
};
# UDP services
jellyfin-ssdp = {
port = 1900;
protocol = "udp";
openFirewall = true;
};
jellyfin-discovery = {
port = 7359;
protocol = "udp";
openFirewall = true;
};
};
}