initial commit

services/coturn/firewall.nix

@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.machine.coturn;
+in
+with lib; mkIf cfg.enable {
+  networking.firewall = {
+    interfaces.enp2s0 =
+      let
+        range = with config.services.coturn; [
+          {
+            from = min-port;
+            to = max-port;
+          }
+        ];
+      in
+      {
+        allowedUDPPortRanges = range;
+        allowedUDPPorts = [
+          3478
+          5349
+        ];
+        allowedTCPPortRanges = [ ];
+        allowedTCPPorts = [
+          3478
+          5349
+        ];
+      };
+  };
+}