From 5f1f3e1bfc99c4b108181193b32ce6b2e15e97d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Wed, 1 Mar 2023 13:06:53 +0200
Subject: [PATCH] add coturn to firewall

---
 configuration.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/configuration.nix b/configuration.nix
index 3474557..7d55ac0 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -344,6 +344,8 @@ in {
 coturn = {
 enable = true;
 static-auth-secret-file = "\${CREDENTIALS_DIRECTORY}/static-auth-secret";
+ min-port = 49152;
+ max-port = 49999;
 cert = "/run/coturn/tls-cert.pem";
 pkey = "/run/coturn/tls-key.pem";
 };
@@ -393,8 +395,9 @@ in {
 hostName = "hel1-a";
 domain = "jakstys.lt";
 firewall = {
- allowedTCPPorts = [ 80 443 ];
+ allowedTCPPorts = [ 80 443 3478 5349 ];
 allowedUDPPorts = [ 443 ];
+ allowedUDPPortRanges = [ { from = 49152; to = 49999; } ]; # coturn
 checkReversePath = "loose"; # tailscale insists on this
 };
 };
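Review bot: The `coturn` attrset in the first hunk is visible from `coturn = {` to its closing `};` and sets no limit on which peer addresses the relay may connect to, while this commit makes the relay range reachable from the internet. Unless another module adds it, any client holding a valid TURN credential could have the relay open connections to loopback, private ranges or the tailscale network this host sits on. I would add an `extraConfig` with `no-multicast-peers` and `denied-peer-ip=` entries such as `denied-peer-ip=127.0.0.0-127.255.255.255`, `denied-peer-ip=10.0.0.0-10.255.255.255` and `denied-peer-ip=100.64.0.0-100.127.255.255`, plus the remaining RFC 1918 and link-local ranges. A short comment beside `min-port`/`max-port` noting that the firewall range must match would also help.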
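Review bot: In the second hunk `allowedUDPPorts` stays at `[ 443 ]`, so the TURN listener ports 3478 and 5349 are opened for TCP only while the relay range is opened for UDP only. Clients normally try STUN/TURN over UDP first, so if UDP signalling is meant to work this should probably be `allowedUDPPorts = [ 443 3478 5349 ];`. If TCP-only is deliberate (for example to keep the UDP STUN listener off the internet), a comment saying so would stop a later "fix". The literals `49152` and `49999` are also now written both here and in the coturn block; binding them once in the file's `let` and using that value in both places would keep the firewall and relay ranges from drifting apart.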