sonny/debian-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Include jellyfin provisioning

Browse source
This commit is contained in:
Sonny Bakker 2025-04-18 21:13:55 +02:00
parent 9d49bcfa22
commit b76c210390
10 changed files with 192 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

6
templates/nftables.j2
View file

@ -52,7 +52,7 @@ table ip filter {
chain vpn_chain {
meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS"
tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS"
tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS" # TODO: remove?
tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
@ -75,7 +75,7 @@ table ip filter {
chain media_vpn_chain {
meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS"
tcp dport {{ jellyfin_http_port }} ip saddr . ip daddr @vpn_media_set accept comment "Jellyfin HTTP"
tcp dport { 80, 443 } ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
}
# docker's user configurable forward hook chain
@ -83,5 +83,7 @@ table ip filter {
iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept
iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept
iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept
iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept
}
}