unifi: Open required ports by default.

The controller does not work at all if they aren't, with the exception
of special configurations involving L3 or custom ports.

+27 -2
nixos/modules/services/networking/unifi.nix
··· 46 ''; 47 }; 48 49 }; 50 51 config = mkIf cfg.enable { ··· 56 home = "${stateDir}"; 57 }; 58 59 # We must create the binary directories as bind mounts instead of symlinks 60 # This is because the controller resolves all symlinks to absolute paths 61 # to be used as the working directory. ··· 80 81 preStart = '' 82 # Ensure privacy of state and data. 83 - chown unifi "${stateDir}" "${dataDir}" 84 - chmod 0700 "${stateDir}" "${dataDir}" 85 86 # Create the volatile webapps 87 rm -rf "${stateDir}/webapps"
··· 46 ''; 47 }; 48 49 + services.unifi.openPorts = mkOption { 50 + type = types.bool; 51 + default = true; 52 + description = '' 53 + Whether or not to open the minimum required ports on the firewall. 54 + 55 + This is necessary to allow firmware upgrades and device discovery to 56 + work. For remote login, you should additionally open (or forward) port 57 + 8443. 58 + ''; 59 + }; 60 + 61 }; 62 63 config = mkIf cfg.enable { ··· 68 home = "${stateDir}"; 69 }; 70 71 + networking.firewall = mkIf cfg.openPorts { 72 + # https://help.ubnt.com/hc/en-us/articles/204910084-UniFi-Change-Default-Ports-for-Controller-and-UAPs 73 + allowedTCPPorts = [ 74 + 8080 # Port for UAP to inform controller. 75 + 8880 # Port for HTTP portal redirect, if guest portal is enabled. 76 + 8843 # Port for HTTPS portal redirect, ditto. 77 + ]; 78 + allowedUDPPorts = [ 79 + 3478 # UDP port used for STUN. 80 + 10001 # UDP port used for device discovery. 81 + ]; 82 + }; 83 + 84 # We must create the binary directories as bind mounts instead of symlinks 85 # This is because the controller resolves all symlinks to absolute paths 86 # to be used as the working directory. ··· 105 106 preStart = '' 107 # Ensure privacy of state and data. 108 + chown unifi "${stateDir}" "${stateDir}/data" 109 + chmod 0700 "${stateDir}" "${stateDir}/data" 110 111 # Create the volatile webapps 112 rm -rf "${stateDir}/webapps"
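Review bot: the option description in the `services.unifi.openPorts` hunk promises "the minimum required ports" but never says which ones, so a user cannot tell what is being exposed without reading the module source; suggest listing them (TCP 8080, 8880, 8843; UDP 3478, 10001) in the description next to the existing advice about port 8443. Since `default = true;`, simply enabling the service now changes firewall state for every existing user, which is worth a line in the release notes.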
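Review bot: the `networking.firewall` hunk opens the inform port 8080 and the STUN/discovery UDP ports on every interface, while the access points that need them normally sit on the LAN; consider scoping the rules to the LAN-facing interface with `networking.firewall.interfaces.<name>.allowedTCPPorts` / `allowedUDPPorts` where that fits, or at least say in the option description that the ports are opened globally. The comment `8843 # Port for HTTPS portal redirect, ditto.` should also spell out the "if guest portal is enabled" condition rather than rely on "ditto".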
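Review bot: the `preStart` hunk swaps `"${dataDir}"` for `"${stateDir}/data"` in the `chown` and `chmod` lines, which is unrelated to opening ports and is not mentioned in the commit message; either state the reason there (for example that `dataDir` no longer names the right directory) or move it to its own commit, and check that any remaining use of `dataDir` in the module is consistent with the new path so the 0700 permissions actually land on the directory the controller writes to.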