Diffstat (limited to 'hosts/chaski/services/coturn.nix')
-rw-r--r-- | hosts/chaski/services/coturn.nix | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
new file mode 100644
index 0000000..9a2211f
--- /dev/null
+++ b/hosts/chaski/services/coturn.nix
@@ -0,0 +1,57 @@
+{pkgs, config, ...}:
+
+{
+ services.coturn = {
+ enable = true;
+ realm = "chaski.stuebinm.eu";
+# static-auth-secret = "chaski";
+# use-auth-secret = true;
+ no-cli = true;
+# no-tcp-relay = true;
+ lt-cred-mech = true;
+ extraConfig = ''
+ verbose
+ fingerprint
+ external-ip=95.217.159.23
+ user=chaski:chaski
+ server-name=chaski.stuebinm.eu
+ #mobility
+ #listening-ip=95.217.159.23
+ prometheus
+ '';
+
+ cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
+ pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
+ };
+
+ security.acme = {
+ email = "stuebinm@disroot.org";
+ acceptTerms = true;
+ };
+
+ # just here to serve acme challanges
+ services.nginx = {
+ enable = true;
+ user = "turnserver";
+ virtualHosts."chaski.stuebinm.eu" = {
+ root = "/var/www";
+ enableACME = true;
+ };
+ };
+
+ networking.firewall = with config.services.coturn; {
+ allowedTCPPorts = [
+ 80 # for acme challanges
+ listening-port tls-listening-port
+ (listening-port +1) (tls-listening-port +1)
+ ];
+ allowedUDPPorts = [
+ listening-port
+ tls-listening-port
+ (listening-port +1) (tls-listening-port +1)
+ ];
+ allowedUDPPortRanges = [
+ { from = min-port; to = max-port; }
+ ];
+ };
+} |
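Review bot: The `cert` and `pkey` lines concatenate `.directory` with `"full.pem"` / `"key.pem"` without a path separator, which yields a path like `<acme-dir>full.pem` unless `directory` happens to end in a slash (the NixOS default does not), so coturn would fail to load its TLS material; they should read `directory + "/full.pem"` and `directory + "/key.pem"`. The `user=chaski:chaski` line inside `extraConfig` is rendered into a world-readable file in the Nix store, and under `lt-cred-mech` a guessable long-term credential on a relay with a public `external-ip` lets anyone use the host as a traffic relay, so the credential should be a non-trivial value supplied from a file outside the store (for example via `static-auth-secret-file`, which the commented-out `static-auth-secret` lines suggest was already considered). Setting nginx to `user = "turnserver"` looks like a workaround for certificate file ownership; if that is the reason, `security.acme.certs."chaski.stuebinm.eu".group = "turnserver"` grants coturn read access without changing the identity nginx runs under.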