add coturn to firewall

2023-03-01 13:06:53 +02:00 · 2023-03-01 13:06:53 +02:00 · 5f1f3e1bfc
commit 5f1f3e1bfc
parent f537b43a0d
1 changed files with 4 additions and 1 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -344,6 +344,8 @@ in {
    coturn = {
      enable = true;
      static-auth-secret-file = "\${CREDENTIALS_DIRECTORY}/static-auth-secret";
+      min-port = 49152;
+      max-port = 49999;
      cert = "/run/coturn/tls-cert.pem";
      pkey = "/run/coturn/tls-key.pem";
    };
@ -393,8 +395,9 @@ in {
    hostName = "hel1-a";
    domain = "jakstys.lt";
    firewall = {
-      allowedTCPPorts = [ 80 443 ];
+      allowedTCPPorts = [ 80 443 3478 5349 ];
      allowedUDPPorts = [ 443 ];
+      allowedUDPPortRanges = [ { from = 49152; to = 49999; } ]; # coturn
      checkReversePath = "loose"; # tailscale insists on this
    };
  };