sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor radicale setup

Browse source
This commit is contained in:
Sonny Bakker 2025-04-06 09:34:33 +02:00
parent a5e6468cb4
commit 634bd0433f
19 changed files with 214 additions and 564 deletions
Download patch file Download diff file Expand all files Collapse all files

5
templates/nftables.j2
View file

@ -54,11 +54,13 @@ table ip filter {
tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS"
tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol"
tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale"
tcp dport {{ mpd_port }} ip saddr . ip daddr @vpn_set accept comment "MPD"
tcp dport {{ mpd_http_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP stream"
tcp dport {{ mpd_http_mobile_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP mobile stream"
@ -80,5 +82,6 @@ table ip filter {
chain DOCKER-USER {
iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept
iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept
iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept
}
}