From 7201c90cc7b2334d22db480487c83183e147834b Mon Sep 17 00:00:00 2001
From: shtlrs
Date: Mon, 19 Aug 2024 15:07:30 +0100
Subject: allow needed tcp and udp traffic for jitsi services
---
 ansible/group_vars/all/nftables.yml | 14 ++++++++++++++
 ansible/inventory/hosts.yaml | 3 +++
 2 files changed, 17 insertions(+) (limited to 'ansible')
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml
index 64d7976..2e8f61a 100644
--- a/ansible/group_vars/all/nftables.yml
+++ b/ansible/group_vars/all/nftables.yml
@@ -87,6 +87,20 @@ nftables_configuration: |
 {% if ansible_default_ipv6 is defined %}
 iifname {{ ansible_default_ipv6.interface }} tcp dport @mail_accepted ct state new accept
 {% endif %}
+ {% endif %}
+
+ {% if "jitsi" in group_names %}
+ # Ports needed by Jitsi
+ define jitsi_tcp_ports = {5349}
+ define jitsi_udp_ports = {3478, 10000}
+
+ iifname {{ ansible_default_ipv4.interface }} tcp dport $jitsi_tcp_ports ct state new accept
+ iifname {{ ansible_default_ipv4.interface }} udp dport $jitsi_udp_ports ct state new accept
+ {% if ansible_default_ipv6 is defined %}
+ iifname {{ ansible_default_ipv6.interface }} tcp dport $jitsi_tcp_ports ct state new accept
+ iifname {{ ansible_default_ipv6.interface }} udp dport $jitsi_udp_ports ct state new accept
+ {% endif %}
+ {% endif %}
 }
diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml
index 4a2f24c..9768187 100644
--- a/ansible/inventory/hosts.yaml
+++ b/ansible/inventory/hosts.yaml
@@ -24,5 +24,8 @@ all:
 mail:
 hosts:
 lovelace:
+ jitsi:
+ hosts:
+ lovelace:
 vars:
 wireguard_port: 46850
-- cgit v1.2.3
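Review bot: The new accept rules on the default IPv4 and IPv6 interfaces admit new connections from any source to 5349/tcp, 3478/udp and 10000/udp, and the only explanation is `# Ports needed by Jitsi`. 3478 and 5349 are the conventional STUN/TURN ports and 10000/udp the usual videobridge media port, so this presumably exposes a TURN relay to the internet. In that case the firewall gives no protection against relay abuse, and the TURN service's own authentication and peer-address restrictions have to carry it, which is worth confirming before merge. I would name each port's service in the comment, e.g. `# 5349/tcp TURN over TLS, 3478/udp STUN/TURN, 10000/udp videobridge media; reachable from any source`. The first added `{% endif %}` closes a block opened above the hunk, so the template's if/endif balance cannot be checked from here.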
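Review bot: Adding `lovelace` to the new `jitsi` group is what switches on the Jitsi accept rules for that host, and nothing in the inventory says so. The context lines show the same host is already listed under `mail`, so one machine now exposes both mail and conferencing ports to the internet. A short comment above the group would make the coupling visible, e.g. `# membership opens the Jitsi ports defined in group_vars/all/nftables.yml`. The nesting of the following `vars:` key cannot be judged from this view because the page has lost the indentation.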