summaryrefslogtreecommitdiff
path: root/hosts/chaski/services/coturn.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/chaski/services/coturn.nix')
-rw-r--r--hosts/chaski/services/coturn.nix57
1 files changed, 57 insertions, 0 deletions
diff --git a/hosts/chaski/services/coturn.nix b/hosts/chaski/services/coturn.nix
new file mode 100644
index 0000000..9a2211f
--- /dev/null
+++ b/hosts/chaski/services/coturn.nix
@@ -0,0 +1,57 @@
+{pkgs, config, ...}:
+
+{
+ services.coturn = {
+ enable = true;
+ realm = "chaski.stuebinm.eu";
+# static-auth-secret = "chaski";
+# use-auth-secret = true;
+ no-cli = true;
+# no-tcp-relay = true;
+ lt-cred-mech = true;
+ extraConfig = ''
+ verbose
+ fingerprint
+ external-ip=95.217.159.23
+ user=chaski:chaski
+ server-name=chaski.stuebinm.eu
+ #mobility
+ #listening-ip=95.217.159.23
+ prometheus
+ '';
+
+ cert = config.security.acme.certs."chaski.stuebinm.eu".directory + "full.pem";
+ pkey = config.security.acme.certs."chaski.stuebinm.eu".directory + "key.pem";
+ };
+
+ security.acme = {
+ email = "stuebinm@disroot.org";
+ acceptTerms = true;
+ };
+
+ # just here to serve acme challanges
+ services.nginx = {
+ enable = true;
+ user = "turnserver";
+ virtualHosts."chaski.stuebinm.eu" = {
+ root = "/var/www";
+ enableACME = true;
+ };
+ };
+
+ networking.firewall = with config.services.coturn; {
+ allowedTCPPorts = [
+ 80 # for acme challanges
+ listening-port tls-listening-port
+ (listening-port +1) (tls-listening-port +1)
+ ];
+ allowedUDPPorts = [
+ listening-port
+ tls-listening-port
+ (listening-port +1) (tls-listening-port +1)
+ ];
+ allowedUDPPortRanges = [
+ { from = min-port; to = max-port; }
+ ];
+ };
+}