Zuckerberg
eb6a50664c
All checks were successful
Check Flake / check-flake (push) Successful in 17m43s
27 lines
698 B
Nix
27 lines
698 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.services.unifi;
|
|
in
|
|
{
|
|
options.services.unifi = {
|
|
# Open select Unifi ports instead of using openFirewall to avoid opening access to unifi's control panel
|
|
openMinimalFirewall = lib.mkEnableOption "Open bare minimum firewall ports";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
services.unifi.unifiPackage = pkgs.unifi;
|
|
services.unifi.mongodbPackage = pkgs.mongodb-7_0;
|
|
|
|
networking.firewall = lib.mkIf cfg.openMinimalFirewall {
|
|
allowedUDPPorts = [
|
|
3478 # STUN
|
|
10001 # used for device discovery.
|
|
];
|
|
allowedTCPPorts = [
|
|
8080 # Used for device and application communication.
|
|
];
|
|
};
|
|
};
|
|
}
|