chore: firewall tweaks

nixos/access/kanidm.nix

@@ -146,8 +146,13 @@ in {
       ])
     ];
 
-    networking.firewall.allowedTCPPorts = [
-      389 636
+    networking.firewall = {
+      interfaces.local.allowedTCPPorts = [
+        389
+      ];
+      allowedTCPPorts = [
+        636
       ];
     };
+  };
 }

nixos/plex.nix

@@ -9,16 +9,10 @@
   # * 32469 - Plex DLNA Server
   # UDP:
   # * 1900 - DLNA
-  # * 5353 - Bonjour / Avahi
   # * 32410, 32412, 32413, 32414 - GDM Network Discovery
 
-  # Tautulli and Ombi will also be reverse proxied, presumably
-
-  networking.firewall = {
-    interfaces.local.allowedTCPPorts = [
-      32400
-    ];
-    allowedTCPPorts = [8324 32469 8181 5000];
-    allowedUDPPorts = [1900 5353 32410 32412 32413 32414];
+  networking.firewall.interfaces.local = {
+    allowedTCPPorts = [32400 8324 32469];
+    allowedUDPPorts = [1900 32410 32412 32413 32414];
   };
 }

nixos/syncplay.nix

@@ -27,7 +27,7 @@ in {
   };
   users.groups.${cfg.group} = {};
 
-  networking.firewall.allowedTCPPorts = [cfg.port];
+  networking.firewall.interfaces.local.allowedTCPPorts = [cfg.port];
 
   services.syncplay = {
     enable = true;