add coturn to firewall

This commit is contained in:
Motiejus Jakštys 2023-03-01 13:06:53 +02:00
parent f537b43a0d
commit 5f1f3e1bfc

View File

@ -344,6 +344,8 @@ in {
coturn = {
enable = true;
static-auth-secret-file = "\${CREDENTIALS_DIRECTORY}/static-auth-secret";
min-port = 49152;
max-port = 49999;
cert = "/run/coturn/tls-cert.pem";
pkey = "/run/coturn/tls-key.pem";
};
@ -393,8 +395,9 @@ in {
hostName = "hel1-a";
domain = "jakstys.lt";
firewall = {
allowedTCPPorts = [ 80 443 ];
allowedTCPPorts = [ 80 443 3478 5349 ];
allowedUDPPorts = [ 443 ];
allowedUDPPortRanges = [ { from = 49152; to = 49999; } ]; # coturn
checkReversePath = "loose"; # tailscale insists on this
};
};