Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial add

Browse Source
This commit is contained in:
naturallaw77
2023-06-01 05:47:05 -07:00
parent 8c5ed0c982
commit 355e35b9f6
13 changed files with 1076 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
modules/coturn.nix Normal file
View File

@ -0,0 +1,51 @@
{config, pkgs, lib, ...}:
let
personalization = import ./personalization.nix;
in
{
systemd.services.sslcoturn = {
script = ''
cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${personalization.matrix_url}/${personalization.matrix_url}.crt /var/lib/coturn/${personalization.matrix_url}.crt.pem
cp -n /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/${personalization.matrix_url}/${personalization.matrix_url}.key /var/lib/coturn/${personalization.matrix_url}.key.pem
chown turnserver:turnserver /var/lib/coturn -R
chmod 770 /var/lib/coturn -R
systemctl restart coturn
'';
unitConfig = {
Type = "simple";
After = "NetworkManager.service";
Requires = "network-online.target";
};
serviceConfig = {
RemainAfterExit = "yes";
Type = "oneshot";
};
wantedBy = [ "multi-user.target" ];
};
services.coturn = {
enable = true;
use-auth-secret = true;
static-auth-secret = "${personalization.turn_shared}";
realm = personalization.matrix_url;
cert = "/var/lib/coturn/${personalization.matrix_url}.crt.pem";
pkey = "/var/lib/coturn/${personalization.matrix_url}.key.pem";
min-port = 49152;
max-port = 65535;
no-cli = true;
#listening-ips = [ "127.0.0.1" ];
extraConfig = ''
verbose
external-ip=${personalization.external_ip_secret}
'';
};
}