update

dominicegginton · Jan 13, 2025 · 8377097 · 8377097
1 parent 232cb48
commit 8377097
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/modules/nixos/unifi.nix b/modules/nixos/unifi.nix
@@ -2,6 +2,20 @@
 
 let
   cfg = config.modules.services.unifi;
+  allowedRules = {
+    allowedTCPPorts = [
+      8080 # Port for UAP to inform controller.
+      8880 # Port used for HTTP portal redirection.
+      8843 # Port used for HTTPS portal redirection.
+      8443 # Port used for application GUI/API as seen in a web browser.
+      6789 # Port for UniFi mobile speed test.
+    ];
+    allowedUDPPorts = [
+      3478 # UDP port used for STUN.
+      1900 # Port used for "Make application discoverable on L2 network" in the UniFi Network settings.
+      10001 # Port used for device discovery.
+    ];
+  };
 in
 
 with lib;
@@ -14,5 +28,7 @@ with lib;
     services.unifi.openFirewall = true;
     services.unifi.unifiPackage = pkgs.unifi8;
     services.unifi.mongodbPackage = pkgs.mongodb-7_0;
+    networking.firewall.allowedTCPPorts = allowedRules.allowedTCPPorts;
+    networking.firewall.allowedUDPPorts = allowedRules.allowedUDPPorts;
   };
 }