From d98e01928e38fe18e611945d499747a386d14980 Mon Sep 17 00:00:00 2001
From: stitchy <stitchy@stitchy.moe>
Date: Sun, 22 Dec 2024 22:20:31 -0800
Subject: [PATCH] feat(tanzanite): open coturn ports

This opening the ports required for my coturn docker container. In the
near future, I would like to use agenix and do a fully nix-based coturn
configuration. It doesn't have any persistant data, so it should be a
good candidate to moving to a 100% nix based config.
---
 hosts/tanzanite/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hosts/tanzanite/default.nix b/hosts/tanzanite/default.nix
index 0130f96..3a9a1cc 100644
--- a/hosts/tanzanite/default.nix
+++ b/hosts/tanzanite/default.nix
@@ -24,6 +24,7 @@ in {
     defaults.dnsProvider = "porkbun";
     defaults.environmentFile = "/persist/acme/porkbun.tokens";
     certs = {
+      "turn.stitchy.moe" = {};
     };
   };
 
@@ -69,7 +70,11 @@ in {
   };
 
   networking.firewall = {
-    allowedTCPPorts = [ 22 80 222 443 ];
+    allowedTCPPorts = [ 22 80 222 443 3478 5349 ];
+    allowedUDPPorts = [ 3478 5349 ];
+    allowedUDPPortRanges = [
+    { from = 19000; to = 20000; }
+    ];
   };
 
   # Boot Config