From 9824a769c10c9dde08833a8a5387e55a3f876498 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher <christoph.urlacher@protonmail.com>
Date: Tue, 11 Nov 2025 13:48:08 +0100
Subject: [PATCH] System/Servenix: Open TeamSpeak ports

---
 system/servenix/default.nix     | 28 +++++++++++++++++-----------
 system/services/authelia.nix    |  4 +---
 system/services/formula10.nix   |  2 +-
 system/services/formula11.nix   |  6 ++----
 system/services/gitea.nix       |  2 +-
 system/services/immich.nix      |  2 +-
 system/services/jellyfin.nix    |  2 +-
 system/services/nextcloud.nix   |  2 +-
 system/services/paperless.nix   |  2 +-
 system/services/statespaces.nix |  2 +-
 system/services/teamspeak.nix   |  1 +
 11 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/system/servenix/default.nix b/system/servenix/default.nix
index fc645054..5eec5426 100644
--- a/system/servenix/default.nix
+++ b/system/servenix/default.nix
@@ -62,21 +62,27 @@
       };
 
       allowedTCPPorts = [
-        53 # DNS
-        80 # HTTP
-        3000 # Gitea runner needs to reach local gitea instance
-        # 9987 # Teamspeak
-        # 30033 # Teamspeak
-        # 10080 # Teamspeak
+        53 # DNS (Adguard Home)
+        67 # DHCP
+        80 # HTTP (Nginx Proxy Manager)
+        443 # HTTPS (Nginx Proxy Manager)
+
+        3000 # Gitea (runner needs to reach local gitea instance)
+
+        30033 # Teamspeak
+        10080 # Teamspeak
       ];
 
       allowedUDPPorts = [
-        53 # DNS
+        53 # DNS (Adguard Home)
         67 # DHCP
-        3000 # Gitea runner needs to reach local gitea instance
-        # 9987 # Teamspeak
-        # 30033 # Teamspeak
-        # 10080 # Teamspeak
+        80 # HTTP (Nginx Proxy Manager)
+        443 # HTTPS (Nginx Proxy Manager)
+
+        3000 # Gitea (runner needs to reach local gitea instance)
+
+        30033 # Teamspeak
+        9987 # Teamspeak
       ];
     };
 
diff --git a/system/services/authelia.nix b/system/services/authelia.nix
index f503b961..910f8948 100644
--- a/system/services/authelia.nix
+++ b/system/services/authelia.nix
@@ -20,9 +20,7 @@ in {
         passwordFile = "${config.sops.secrets.docker-password.path}";
       };
 
-      dependsOn = [
-        # "pihole"
-      ];
+      dependsOn = [];
 
       ports = [
         # "9091:9091"
diff --git a/system/services/formula10.nix b/system/services/formula10.nix
index 3bea1174..43dd96ad 100644
--- a/system/services/formula10.nix
+++ b/system/services/formula10.nix
@@ -14,7 +14,7 @@ in {
       dependsOn = [];
 
       ports = [
-        "55555:5000"
+        "55555:5000" # Bind for VPS
       ];
 
       volumes = [
diff --git a/system/services/formula11.nix b/system/services/formula11.nix
index 8e8eafd8..7f27558f 100644
--- a/system/services/formula11.nix
+++ b/system/services/formula11.nix
@@ -12,12 +12,10 @@ in {
       image = "gitea.vps.chriphost.de/christoph/pocketbase:${pocketbaseVersion}";
       autoStart = true;
 
-      dependsOn = [
-        # "pihole"
-      ];
+      dependsOn = [];
 
       ports = [
-        "8090:8080"
+        "8090:8080" # Bind for VPS
       ];
 
       volumes = [
diff --git a/system/services/gitea.nix b/system/services/gitea.nix
index 635a5b79..74a5a5f1 100644
--- a/system/services/gitea.nix
+++ b/system/services/gitea.nix
@@ -72,7 +72,7 @@ in {
       ];
 
       ports = [
-        "3000:3000"
+        "3000:3000" # Bind for VPS
 
         # NOTE: Set .git/config url to ssh://christoph@gitea.local.chriphost.de:222/christoph/<repo>.git
         "222:222" # Gitea SSH
diff --git a/system/services/immich.nix b/system/services/immich.nix
index 53fa887a..85fabbb4 100644
--- a/system/services/immich.nix
+++ b/system/services/immich.nix
@@ -73,7 +73,7 @@ in {
       ];
 
       ports = [
-        "2283:8080"
+        "2283:8080" # Bind for VPS
       ];
 
       volumes = [
diff --git a/system/services/jellyfin.nix b/system/services/jellyfin.nix
index eaadfdc0..6f4e70fd 100644
--- a/system/services/jellyfin.nix
+++ b/system/services/jellyfin.nix
@@ -25,7 +25,7 @@ in {
       ];
 
       ports = [
-        "8096:8096"
+        "8096:8096" # Bind for VPS
       ];
 
       volumes = [
diff --git a/system/services/nextcloud.nix b/system/services/nextcloud.nix
index c6e021d1..47e0f2d6 100644
--- a/system/services/nextcloud.nix
+++ b/system/services/nextcloud.nix
@@ -112,7 +112,7 @@ in {
       ];
 
       ports = [
-        "8080:80"
+        "8080:80" # Bind for VPS
       ];
 
       volumes = [
diff --git a/system/services/paperless.nix b/system/services/paperless.nix
index c65510a0..55c229b5 100644
--- a/system/services/paperless.nix
+++ b/system/services/paperless.nix
@@ -125,7 +125,7 @@ in {
       ];
 
       ports = [
-        "8000:8000"
+        "8000:8000" # Bind for VPS
       ];
 
       volumes = [
diff --git a/system/services/statespaces.nix b/system/services/statespaces.nix
index 1ebd18f3..2389689e 100644
--- a/system/services/statespaces.nix
+++ b/system/services/statespaces.nix
@@ -14,7 +14,7 @@ in {
       ports = [
         # "8080:8090"
         # "3111:5173"
-        "3111:8080"
+        "3111:8080" # Bind for VPS
       ];
 
       volumes = [];
diff --git a/system/services/teamspeak.nix b/system/services/teamspeak.nix
index d92febdf..8e7a47e3 100644
--- a/system/services/teamspeak.nix
+++ b/system/services/teamspeak.nix
@@ -23,6 +23,7 @@ in {
       dependsOn = [];
 
       ports = [
+        # Bind for VPS
         "9987:9987/udp" # Voice port
         "30033:30033" # File transfer
         "10080:10080/tcp" # Web query