gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(exports): service access

Browse source
This commit is contained in:
arcnmx 2024-02-19 17:34:39 -08:00
parent 91918b8061
commit 871b1c5b2d
69 changed files with 1317 additions and 509 deletions
Download patch file Download diff file Expand all files Collapse all files

22
nixos/unifi.nix
View file

@ -4,7 +4,7 @@
lib,
...
}: let
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (lib.modules) mkIf mkDefault;
cfg = config.services.unifi;
in {
services.unifi = {
@ -14,21 +14,25 @@ in {
#mongodbPackage = mkDefault pkgs.mongodb-5_0;
};
networking.firewall.interfaces.local = mkIf cfg.enable {
allowedTCPPorts = mkMerge [
[
networking.firewall = mkIf cfg.enable {
interfaces.int = {
allowedTCPPorts = [
8443 # remote login
]
(mkIf (!cfg.openFirewall) [
];
};
interfaces.local = {
allowedTCPPorts = mkIf (!cfg.openFirewall) [
8080 # Port for UAP to inform controller.
8880 # Port for HTTP portal redirect, if guest portal is enabled.
8843 # Port for HTTPS portal redirect, ditto.
6789 # Port for UniFi mobile speed test.
])
];
];
allowedUDPPorts = mkIf (!cfg.openFirewall) [
10001 # UDP port used for device discovery.
];
};
allowedUDPPorts = mkIf (!cfg.openFirewall) [
3478 # UDP port used for STUN.
10001 # UDP port used for device discovery.
];
};