Network Requirements
Complete list of network endpoints and firewall rules required for SeloraBox installation and operation.
Selorabox
Network
Firewall
Installation
SeloraBox
Selorabox, Network, Firewall, InstallationComplete list of network endpoints and firewall rules required for SeloraBox installation and operation.Search results
Network Requirements
SeloraBox requires network connectivity for installation, updates, and ongoing operation. This page documents all required endpoints and firewall rules.
Quick Reference
| Service | Port | Protocol | Purpose |
|---|---|---|---|
cache.nixos.org | 443 | TCP | NixOS package cache |
github.com | 443 | TCP | HAOS images, Newt releases, Nix flakes |
gitlab.com | 443 | TCP | Config/update pulls |
connect.selorahomes.com | 443 | TCP | Backend API |
s3.us-east-1.amazonaws.com | 443 | TCP | Backup storage |
*.pool.ntp.org | 123 | UDP | Time sync |
dashboard.selorabox.com | 51820 | UDP | Remote access (WireGuard) - only if configured |
dashboard.selorabox.com | 21820 | UDP | Remote access (WireGuard) - only if configured |
Basic Requirements
- Ethernet connection with DHCP enabled
- Internet access for initial configuration and updates
- Stable network during installation
Detailed Endpoint Information
Core NixOS
| Endpoint | Port | Protocol | Purpose |
|---|---|---|---|
cache.nixos.org | 443 | TCP | Binary cache for packages |
*.pool.ntp.org | 123 | UDP | Default NTP (systemd-timesyncd) |
GitHub (multiple uses)
| Endpoint | Port | Purpose |
|---|---|---|
github.com | 443 | Home Assistant OS image downloads (home-assistant/operating-system/releases) |
github.com | 443 | Newt agent downloads (fosrl/newt/releases) |
github.com | 443 | Nix flake inputs (NixOS/nixpkgs) |
SeloraBox Backend
| Endpoint | Port | Purpose |
|---|---|---|
connect.selorahomes.com | 443 | API (token refresh, config sync, health reports) |
gitlab.com | 443 | Configuration and update pulls |
Backup Storage
| Endpoint | Port | Purpose |
|---|---|---|
s3.us-east-1.amazonaws.com | 443 | Cloud backups (or your S3-compatible endpoint) |
Remote Secure Access (Optional)
If Remote Secure Access is configured, the device uses Newt (a WireGuard-based agent) to connect to a Pangolin server.
| Endpoint | Port | Protocol | Purpose |
|---|---|---|---|
dashboard.selorabox.com | 51820 | UDP | WireGuard tunnel (Newt component) |
dashboard.selorabox.com | 21820 | UDP | Client communication |
Last modified February 2, 2026: Add network requirements page and privacy FAQ to SeloraBox docs (145cce8)