changedetection.io

author: Gregor Kleen <gkleen@yggdrasil.li> 2025-12-09 10:27:01 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2025-12-09 10:27:01 +0100
commit: 5d879efa0c9ed73d7f6f19acebb87843c86a46e2 (patch)
tree: 22f4302c5adcb8dfc76d86f6656fae542746c5a4 /hosts/vidhar
parent: c2c76862d348b4a32a0292bad0b954672c9e162d (diff)
download: nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.gz
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.bz2
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.xz
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.zip
4 files changed, 80 insertions, 2 deletions
diff --git a/hosts/vidhar/changedetection-io/changedetection-io_env b/hosts/vidhar/changedetection-io/changedetection-io_env
new file mode 100644
index 00000000..626c6f0e
--- /dev/null
+++ b/hosts/vidhar/changedetection-io/changedetection-io_env
@@ -0,0 +1,19 @@
+{
+        "data": "ENC[AES256_GCM,data:blHQ1oSNZfw7Xpkconzv7ft18WVSkINjoqnZAfKWsaTszMfYzZWNJ1uQ17UnfTmGJqvzaBBsToiOxzxUQBztamFY+CWXy3AqqqwgI5rOo14AiuvpCj7NvOA/7WVgq6RUoBaE9ao=,iv:RWvPBN5mIVzP2QQzNvU8ciTzRDBVhAk8Qu+6QuNO8/E=,tag:Q3jnhD+aZ7Qr8oUsdyRnLA==,type:str]",
+        "sops": {
+                "age": [
+                        {
+                                "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UUhJUmpoZTloWXRpVk1Y\nb3FYTEI4T0V6RGlyL3NoK3JXMEJKeUwraFEwCjBTZTBwUUVUbkt4Y1N6ajZiN2dF\nd2pHTFA0dHFYMjVFZnZhdnhrdW11Z2sKLS0tIFA2NllMUFk0ZENGblhMaXpiVmo4\nelZTRWdsVFIyRmRGTURTRmg4cWdsWVUKMY10ZEzhcZAC95W35e3To/DXkCptZeNG\nkmVVtP0VzE3AM2oA+W957MRX81PHKb27We6OmxGrIYITsz4Atjj+Vg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        },
+                        {
+                                "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcVFmN3JHdE5HamYzSUlX\nVXBTM1QxZG9RU2V4SlphWUw4QTJoMDJ3QzNVCkhVbUZELzZ3eDZ3aWIxMDFqTUh4\nWncwUUs3dFBUOTVjUmZYL21CNnhSZ1EKLS0tIDJXRUpmVHBxUmRLWnpZOHNQaWdK\ndEF2Z00xUmJBczM2TmZ3N2Y2RmxFaW8KYVV1Q6gxC4TR5VzytLY3zo7O0QsXAYEc\nW9kifMY8dy7zDt1X8BNAO94nLqTDPFJ68uhra3QG5e4z6WHyoF5iLg==\n-----END AGE ENCRYPTED FILE-----\n"
+                        }
+                ],
+                "lastmodified": "2025-12-08T15:07:34Z",
+                "mac": "ENC[AES256_GCM,data:jQeuCBHj3ZKxYhRrADE4qskvcKzTcVV6lhAT8o1mxbb8RSdCsrAKnEC8o74TmMP7D5rup3jx73YoOPC71yDJLm+TXiIIHQWlPpiNRCrkBUcioJQbmQmiioRbKkojzb5q4ike2UOMcBUlv1q/ztlOk+av0nW607JV5/gDxuGE0tA=,iv:fOtYfrb3ubb3PU99p2l8sseja45r1ZMzIJG9Uhqn/xc=,tag:F3KFy1oIbVUBMwzNALbz5g==,type:str]",
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.11.0"
+        }
+}
diff --git a/hosts/vidhar/changedetection-io/default.nix b/hosts/vidhar/changedetection-io/default.nix
new file mode 100644
index 00000000..c6812747
--- /dev/null
+++ b/hosts/vidhar/changedetection-io/default.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, ... }:
+{
+  config = {
+    services.changedetection-io = {
+      enable = true;
+      behindProxy = true;
+      # playwrightSupport = true;
+      baseURL = "https://changedetection.yggdrasil.li";
+      listenAddress = "2a03:4000:52:ada:4:1::";
+      port = 5001;
+      environmentFile = config.sops.secrets."changedetection-io_env".path;
+    };
+    sops.secrets."changedetection-io_env" = {
+      format = "binary";
+      sopsFile = ./changedetection-io_env;
+    };
+    systemd.services.changedetection-io = {
+      path = with pkgs; [
+        poppler-utils
+      ];
+      serviceConfig = {
+        Environment = [
+          "PLAYWRIGHT_DRIVER_URL=ws://10.88.0.5:3000"
+          "DISABLE_VERSION_CHECK=true"
+          "MINIMUM_SECONDS_RECHECK_TIME=0"
+        ];
+      };
+    };
+    virtualisation.oci-containers.containers = {
+      changedetection-io-playwright = {
+        image = "dgtlmoon/sockpuppetbrowser";
+        pull = "newer";
+        environment = {
+          SCREEN_WIDTH = "1920";
+          SCREEN_HEIGHT = "1024";
+          SCREEN_DEPTH = "16";
+          MAX_CONCURRENT_CHROME_PROCESSES = "10";
+          STATS_REFRESH_SECONDS = "600";
+        };
+        extraOptions = [
+          "--ip=10.88.0.5"
+        ];
+      };
+    };
+  };
+}
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index 1c60ed22..c54d57cd 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
 {
  imports = with flake.nixosModules.systemProfiles; [
-    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai
+    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io
    tmpfs-root zfs
    initrd-all-crypto-modules default-locale openssh rebuild-machines
    build-server
@@ -387,6 +387,8 @@ with lib;
    environment.systemPackages = with pkgs; [iotop vmtouch];
+    virtualisation.oci-containers.backend = "podman";
    systemd.sysusers.enable = false;
    system.stateVersion = "21.05";
  };
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index dd750394..44b6b7a9 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -61,6 +61,7 @@ table inet filter {
  counter fw-lan {}
  counter fw-ppp {}
  counter fw-kimai {}
+  counter fw-podman {}
  counter fw-cups {}
@@ -97,6 +98,7 @@ table inet filter {
  counter hledger-rx {}
  counter audiobookshelf-rx {}
  counter kimai-rx {}
+  counter changedetection-rx {}
  counter established-rx {}
@@ -130,6 +132,7 @@ table inet filter {
  counter hledger-tx {}
  counter audiobookshelf-tx {}
  counter kimai-tx {}
+  counter changedetection-tx {}
  counter tx {}
@@ -154,9 +157,11 @@ table inet filter {
    oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
    iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept
    iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept
+    iifname podman0 ip saddr 10.88.0.5 oifname @pppInterface@ counter name fw-podman accept
    iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept
    iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept
+    iifname @pppInterface@ oifname podman0 ip daddr 10.88.0.5 ct state { established, related } counter name fw-podman accept
    iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
    iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
@@ -187,7 +192,7 @@ table inet filter {
    iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
    iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
-    iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
+    iifname { lan, mgmt, wifibh, yggdrasil, podman0 } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
    iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
@@ -214,6 +219,7 @@ table inet filter {
    iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept
    iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept
    iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept
+    iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept
    ct state { established, related } counter name established-rx accept
@@ -266,6 +272,7 @@ table inet filter {
    iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept
    iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept
    iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept
+    iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept
    counter name tx
author	Gregor Kleen <gkleen@yggdrasil.li>	2025-12-09 10:27:01 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2025-12-09 10:27:01 +0100
commit	5d879efa0c9ed73d7f6f19acebb87843c86a46e2 (patch)
tree	22f4302c5adcb8dfc76d86f6656fae542746c5a4 /hosts/vidhar
parent	c2c76862d348b4a32a0292bad0b954672c9e162d (diff)
download	nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.gz nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.bz2 nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.xz nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.zip

diff --git a/hosts/vidhar/changedetection-io/changedetection-io_env b/hosts/vidhar/changedetection-io/changedetection-io_env new file mode 100644 index 00000000..626c6f0e --- /dev/null +++ b/hosts/vidhar/changedetection-io/changedetection-io_env
@@ -0,0 +1,19 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:blHQ1oSNZfw7Xpkconzv7ft18WVSkINjoqnZAfKWsaTszMfYzZWNJ1uQ17UnfTmGJqvzaBBsToiOxzxUQBztamFY+CWXy3AqqqwgI5rOo14AiuvpCj7NvOA/7WVgq6RUoBaE9ao=,iv:RWvPBN5mIVzP2QQzNvU8ciTzRDBVhAk8Qu+6QuNO8/E=,tag:Q3jnhD+aZ7Qr8oUsdyRnLA==,type:str]",
		3	"sops": {
		4	"age": [
		5	{
		6	"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
		7	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UUhJUmpoZTloWXRpVk1Y\nb3FYTEI4T0V6RGlyL3NoK3JXMEJKeUwraFEwCjBTZTBwUUVUbkt4Y1N6ajZiN2dF\nd2pHTFA0dHFYMjVFZnZhdnhrdW11Z2sKLS0tIFA2NllMUFk0ZENGblhMaXpiVmo4\nelZTRWdsVFIyRmRGTURTRmg4cWdsWVUKMY10ZEzhcZAC95W35e3To/DXkCptZeNG\nkmVVtP0VzE3AM2oA+W957MRX81PHKb27We6OmxGrIYITsz4Atjj+Vg==\n-----END AGE ENCRYPTED FILE-----\n"
		8	},
		9	{
		10	"recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
		11	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcVFmN3JHdE5HamYzSUlX\nVXBTM1QxZG9RU2V4SlphWUw4QTJoMDJ3QzNVCkhVbUZELzZ3eDZ3aWIxMDFqTUh4\nWncwUUs3dFBUOTVjUmZYL21CNnhSZ1EKLS0tIDJXRUpmVHBxUmRLWnpZOHNQaWdK\ndEF2Z00xUmJBczM2TmZ3N2Y2RmxFaW8KYVV1Q6gxC4TR5VzytLY3zo7O0QsXAYEc\nW9kifMY8dy7zDt1X8BNAO94nLqTDPFJ68uhra3QG5e4z6WHyoF5iLg==\n-----END AGE ENCRYPTED FILE-----\n"
		12	}
		13	],
		14	"lastmodified": "2025-12-08T15:07:34Z",
		15	"mac": "ENC[AES256_GCM,data:jQeuCBHj3ZKxYhRrADE4qskvcKzTcVV6lhAT8o1mxbb8RSdCsrAKnEC8o74TmMP7D5rup3jx73YoOPC71yDJLm+TXiIIHQWlPpiNRCrkBUcioJQbmQmiioRbKkojzb5q4ike2UOMcBUlv1q/ztlOk+av0nW607JV5/gDxuGE0tA=,iv:fOtYfrb3ubb3PU99p2l8sseja45r1ZMzIJG9Uhqn/xc=,tag:F3KFy1oIbVUBMwzNALbz5g==,type:str]",
		16	"unencrypted_suffix": "_unencrypted",
		17	"version": "3.11.0"
		18	}
		19	}


diff --git a/hosts/vidhar/changedetection-io/default.nix b/hosts/vidhar/changedetection-io/default.nix new file mode 100644 index 00000000..c6812747 --- /dev/null +++ b/hosts/vidhar/changedetection-io/default.nix
@@ -0,0 +1,50 @@
		1	{ config, pkgs, ... }:
		2
		3	{
		4	config = {
		5	services.changedetection-io = {
		6	enable = true;
		7	behindProxy = true;
		8	# playwrightSupport = true;
		9	baseURL = "https://changedetection.yggdrasil.li";
		10	listenAddress = "2a03:4000:52:ada:4:1::";
		11	port = 5001;
		12	environmentFile = config.sops.secrets."changedetection-io_env".path;
		13	};
		14
		15	sops.secrets."changedetection-io_env" = {
		16	format = "binary";
		17	sopsFile = ./changedetection-io_env;
		18	};
		19
		20	systemd.services.changedetection-io = {
		21	path = with pkgs; [
		22	poppler-utils
		23	];
		24	serviceConfig = {
		25	Environment = [
		26	"PLAYWRIGHT_DRIVER_URL=ws://10.88.0.5:3000"
		27	"DISABLE_VERSION_CHECK=true"
		28	"MINIMUM_SECONDS_RECHECK_TIME=0"
		29	];
		30	};
		31	};
		32
		33	virtualisation.oci-containers.containers = {
		34	changedetection-io-playwright = {
		35	image = "dgtlmoon/sockpuppetbrowser";
		36	pull = "newer";
		37	environment = {
		38	SCREEN_WIDTH = "1920";
		39	SCREEN_HEIGHT = "1024";
		40	SCREEN_DEPTH = "16";
		41	MAX_CONCURRENT_CHROME_PROCESSES = "10";
		42	STATS_REFRESH_SECONDS = "600";
		43	};
		44	extraOptions = [
		45	"--ip=10.88.0.5"
		46	];
		47	};
		48	};
		49	};
		50	}


diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 1c60ed22..c54d57cd 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
4		4
5	{	5	{
6	imports = with flake.nixosModules.systemProfiles; [	6	imports = with flake.nixosModules.systemProfiles; [
7	./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai	7	./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io
8	tmpfs-root zfs	8	tmpfs-root zfs
9	initrd-all-crypto-modules default-locale openssh rebuild-machines	9	initrd-all-crypto-modules default-locale openssh rebuild-machines
10	build-server	10	build-server
@@ -387,6 +387,8 @@ with lib;
387		387
388	environment.systemPackages = with pkgs; [iotop vmtouch];	388	environment.systemPackages = with pkgs; [iotop vmtouch];
389		389
		390	virtualisation.oci-containers.backend = "podman";
		391
390	systemd.sysusers.enable = false;	392	systemd.sysusers.enable = false;
391	system.stateVersion = "21.05";	393	system.stateVersion = "21.05";
392	};	394	};


diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index dd750394..44b6b7a9 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -61,6 +61,7 @@ table inet filter {
61	counter fw-lan {}	61	counter fw-lan {}
62	counter fw-ppp {}	62	counter fw-ppp {}
63	counter fw-kimai {}	63	counter fw-kimai {}
		64	counter fw-podman {}
64		65
65	counter fw-cups {}	66	counter fw-cups {}
66		67
@@ -97,6 +98,7 @@ table inet filter {
97	counter hledger-rx {}	98	counter hledger-rx {}
98	counter audiobookshelf-rx {}	99	counter audiobookshelf-rx {}
99	counter kimai-rx {}	100	counter kimai-rx {}
		101	counter changedetection-rx {}
100		102
101	counter established-rx {}	103	counter established-rx {}
102		104
@@ -130,6 +132,7 @@ table inet filter {
130	counter hledger-tx {}	132	counter hledger-tx {}
131	counter audiobookshelf-tx {}	133	counter audiobookshelf-tx {}
132	counter kimai-tx {}	134	counter kimai-tx {}
		135	counter changedetection-tx {}
133		136
134	counter tx {}	137	counter tx {}
135		138
@@ -154,9 +157,11 @@ table inet filter {
154	oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept	157	oifname { lan, @pppInterface@, bifrost } meta l4proto $icmp_protos jump forward_icmp_accept
155	iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept	158	iifname lan oifname { @pppInterface@, bifrost } counter name fw-lan accept
156	iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept	159	iifname ve-kimai oifname @pppInterface@ counter name fw-kimai accept
		160	iifname podman0 ip saddr 10.88.0.5 oifname @pppInterface@ counter name fw-podman accept
157		161
158	iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept	162	iifname @pppInterface@ oifname lan ct state { established, related } counter name fw-ppp accept
159	iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept	163	iifname @pppInterface@ oifname ve-kimai ct state { established, related } counter name fw-kimai accept
		164	iifname @pppInterface@ oifname podman0 ip daddr 10.88.0.5 ct state { established, related } counter name fw-podman accept
160		165
161	iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept	166	iifname bifrost oifname ve-kimai tcp dport 80 ip6 saddr $bifrost_surtr ip6 daddr 2a03:4000:52:ada:6::2 counter name kimai-rx accept
162	iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept	167	iifname ve-kimai oifname bifrost tcp sport 80 ip6 saddr 2a03:4000:52:ada:6::2 ip6 daddr $bifrost_surtr counter name kimai-tx accept
@@ -187,7 +192,7 @@ table inet filter {
187	iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept	192	iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept
188	iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept	193	iifname { lan, mgmt, @pppInterface@, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept
189		194
190	iifname { lan, mgmt, wifibh, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept	195	iifname { lan, mgmt, wifibh, yggdrasil, podman0 } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept
191		196
192	iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept	197	iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept
193		198
@@ -214,6 +219,7 @@ table inet filter {
214	iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept	219	iifname bifrost tcp dport 28981 ip6 saddr $bifrost_surtr counter name paperless-rx accept
215	iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept	220	iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept
216	iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept	221	iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept
		222	iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept
217		223
218	ct state { established, related } counter name established-rx accept	224	ct state { established, related } counter name established-rx accept
219		225
@@ -266,6 +272,7 @@ table inet filter {
266	iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept	272	iifname bifrost tcp sport 28981 ip6 daddr $bifrost_surtr counter name paperless-tx accept
267	iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept	273	iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept
268	iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept	274	iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept
		275	iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept
269		276
270		277
271	counter name tx	278	counter name tx