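{config, pkgs, lib, ...}:

# NixOS module: enables coturn and hands it the TLS certificate and key that
# live in Caddy's certificate store for the configured domain. Site-specific
# values (domain, shared secret, external IP) come from ./personalization.nix.
let
  personalization = import ./personalization.nix;

  domain = personalization.matrix_url;

  # Caddy's on-disk store for this domain. The issuer directory
  # (acme.zerossl.com-v2-dv90) is hard-coded: if Caddy obtains the certificate
  # from a different ACME issuer, the files are under another directory and
  # the copy below fails.
  caddyCertDir = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${domain}";

  coturnDir = "/var/lib/coturn";
in
{
  systemd.services.sslcoturn = {
    # Copies the certificate and private key into coturn's directory and
    # restarts coturn so it loads them.
    #
    # The copy overwrites the destination. The previous `cp -n` never replaced
    # an existing file, so a certificate renewed by Caddy was not propagated
    # and coturn kept serving the old one until it expired.
    #
    # The key is installed 0600 and the certificate 0644, both owned by
    # turnserver, instead of a recursive `chmod 770`, which left the private
    # key group-writable and executable.
    #
    # NOTE(review): this unit only runs when it is started (boot/activation).
    # A renewal between runs is still not picked up until the next start; a
    # timer or path unit watching the Caddy store would close that gap.
    script = ''
      chown turnserver:turnserver ${coturnDir} -R
      chmod 750 ${coturnDir}
      install -m 0644 -o turnserver -g turnserver ${caddyCertDir}/${domain}.crt ${coturnDir}/${domain}.crt.pem
      install -m 0600 -o turnserver -g turnserver ${caddyCertDir}/${domain}.key ${coturnDir}/${domain}.key.pem
      systemctl restart coturn
    '';

    # `Type` was also set here ("simple"), but it is a [Service] directive, not
    # a [Unit] one, and it contradicted serviceConfig.Type below; it is
    # dropped so the oneshot type is the only one declared.
    # NOTE(review): nothing here orders this unit after Caddy, although the
    # script reads Caddy's files - confirm whether an ordering on the Caddy
    # unit is wanted.
    unitConfig = {
      After = "NetworkManager.service";
      Requires = "network-online.target";
    };

    # Run the script once and keep the unit "active" afterwards.
    serviceConfig = {
      RemainAfterExit = "yes";
      Type = "oneshot";
    };

    wantedBy = [ "multi-user.target" ];
  };

  services.coturn = {
    enable = true;

    # Shared-secret (REST API style) authentication.
    use-auth-secret = true;
    # SECURITY: the secret is interpolated at evaluation time, so it ends up
    # in the generated configuration inside the world-readable Nix store.
    # Prefer `static-auth-secret-file` pointing at a root-owned file outside
    # the store (path is deployment-specific, not shown on this page).
    static-auth-secret = "${personalization.turn_shared}";

    realm = domain;

    # Files written by systemd.services.sslcoturn above.
    cert = "${coturnDir}/${domain}.crt.pem";
    pkey = "${coturnDir}/${domain}.key.pem";

    # Relay port range; the firewall must allow exactly this range.
    min-port = 49152;
    max-port = 65535;

    # Keep the telnet CLI disabled.
    no-cli = true;
    #listening-ips = [ "127.0.0.1" ];

    extraConfig = ''
      verbose
      external-ip=${personalization.external_ip_secret}
    '';
  };
}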