author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-08-17 06:24:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-17 06:24:55 +0200 |
commit | efab1cb928020434054e00b25a8867331da738ec (patch) | |
tree | f391a0cd038f900dd8c9da0959f1b9ba0403be9a /nixos | |
parent | 25714389880bca029e708bad113c72ed54a6e5f7 (diff) | |
parent | 102472b8dec39c66c5386e8209e08dfac3ccee3c (diff) | |
Merge pull request #17782 from Baughn/unifi-fix
Unifi controller fixes
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/unifi.nix | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix
index cb5a88e67aae..a8cff638d3b2 100644
--- a/nixos/modules/services/networking/unifi.nix
+++ b/nixos/modules/services/networking/unifi.nix
@@ -46,6 +46,18 @@ in
 '';
 };
+ services.unifi.openPorts = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether or not to open the minimum required ports on the firewall.
+
+ This is necessary to allow firmware upgrades and device discovery to
+ work. For remote login, you should additionally open (or forward) port
+ 8443.
+ '';
+ };
+
 };
 config = mkIf cfg.enable {
@@ -56,6 +68,19 @@ in
 home = "${stateDir}";
 };
+ networking.firewall = mkIf cfg.openPorts {
+ # https://help.ubnt.com/hc/en-us/articles/204910084-UniFi-Change-Default-Ports-for-Controller-and-UAPs
+ allowedTCPPorts = [
+ 8080 # Port for UAP to inform controller.
+ 8880 # Port for HTTP portal redirect, if guest portal is enabled.
+ 8843 # Port for HTTPS portal redirect, ditto.
+ ];
+ allowedUDPPorts = [
+ 3478 # UDP port used for STUN.
+ 10001 # UDP port used for device discovery.
+ ];
+ };
+
 # We must create the binary directories as bind mounts instead of symlinks
 # This is because the controller resolves all symlinks to absolute paths
 # to be used as the working directory.
@@ -79,9 +104,9 @@ in
 environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
 preStart = ''
- # Ensure privacy of state
- chown unifi "${stateDir}"
- chmod 0700 "${stateDir}"
+ # Ensure privacy of state and data.
+ chown unifi "${stateDir}" "${stateDir}/data"
+ chmod 0700 "${stateDir}" "${stateDir}/data"
 # Create the volatile webapps
 rm -rf "${stateDir}/webapps" |
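Review bot: `default = true` on `services.unifi.openPorts` means that enabling the controller also changes the host firewall without the administrator asking for it. A default of `false` keeps the exposure an explicit decision: `default = false;`. If the default stays on, the description should name the ports that get opened (the `networking.firewall` hunk opens TCP 8080, 8880, 8843 and UDP 3478, 10001) so the exposure can be audited from the option documentation alone.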
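Review bot: The `allowedTCPPorts` list opens 8880 and 8843 unconditionally, although the comments on those two lines say they are only needed when the guest portal is enabled, and the option description calls the set the minimum required ports. `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` are not bound to an interface, so the inform port 8080 and the STUN/discovery ports become reachable on every interface of the host, including an upstream-facing one. I would drop the two portal ports from the default set (or gate them behind a separate option) and add a comment such as `# Opened on all interfaces; restrict per interface on a multi-homed controller host.`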
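Review bot: The added `"${stateDir}/data"` argument is resolved by path inside a directory that the first `chown` has already handed to the `unifi` user, and both `chown` and `chmod` follow a symlink given on the command line. If preStart runs as root (the `chown` suggests so, but the unit's user settings are outside the hunk), whatever `data` resolves to is re-owned on every start, so the script should insist on a real directory first: `[ -d "${stateDir}/data" ] && [ ! -L "${stateDir}/data" ] || exit 1`. The hunk also does not show where `data` is created, so its existence on a first start should be confirmed; the preStart body continues outside the hunk.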