Commit | Line | Data |
---|---|---|
a3ac9c84 IB |
1 | { config, name, lib, ... }: |
| | # NixOS module fragment: only when `name == "eldiron"`, enable the coturn TURN server and open its listening ports and relay port range in the host firewall. | |
2 | { | |
3 | config = lib.mkIf (name == "eldiron") { | |
| | # The firewall ports are read back from the services.coturn options, so they follow whatever values those options hold. | |
| | # NOTE(review): the TLS port and its alternate are opened here although no-tls and no-dtls are set below; confirm they need to be reachable. | |
4 | networking.firewall.allowedTCPPorts = [ | |
5 | config.services.coturn.alt-listening-port | |
6 | config.services.coturn.alt-tls-listening-port | |
7 | config.services.coturn.listening-port | |
8 | config.services.coturn.tls-listening-port | |
9 | ]; | |
| | # The relay port range (min-port to max-port) is opened for both TCP and UDP. min-port and max-port are not set in this file, so the range is whatever the option holds elsewhere or by default. | |
10 | networking.firewall.allowedTCPPortRanges = [ | |
11 | { from = config.services.coturn.min-port; to = config.services.coturn.max-port; } | |
12 | ]; | |
13 | networking.firewall.allowedUDPPortRanges = [ | |
14 | { from = config.services.coturn.min-port; to = config.services.coturn.max-port; } | |
15 | ]; | |
16 | networking.firewall.allowedUDPPorts = [ | |
17 | config.services.coturn.alt-listening-port | |
18 | config.services.coturn.alt-tls-listening-port | |
19 | config.services.coturn.listening-port | |
20 | config.services.coturn.tls-listening-port | |
21 | ]; | |
22 | #users.users.turnserver.extraGroups = [ "keys" ]; | |
23 | services.coturn = { | |
24 | enable = true; | |
25 | no-cli = true; | |
| | # NOTE(review): TLS and DTLS are both disabled and cert/pkey below are commented out, so this server is configured for plain TCP/UDP only; confirm that is intended. | |
26 | no-tls = true; | |
27 | no-dtls = true; | |
| | # NOTE(review): both use-auth-secret and lt-cred-mech are enabled. The coturn sample config advises using only one of the two; confirm which mechanism is actually in effect. | |
28 | use-auth-secret = true; | |
29 | lt-cred-mech = true; | |
30 | realm = "eldiron.immae.eu"; | |
| | # NOTE(review): total-quota=0 and bps-capacity=0 presumably mean "no limit" in coturn (verify against the installed version), so relay usage is bounded only by authentication. | |
| | # NOTE(review): no denied-peer-ip entries are visible here while relay-ips below includes loopback; confirm that relaying to loopback and private ranges is blocked by coturn defaults or add denied-peer-ip ranges. | |
31 | extraConfig = '' | |
32 | fingerprint | |
33 | total-quota=0 | |
34 | bps-capacity=0 | |
35 | stale-nonce | |
36 | no-multicast-peers | |
37 | ''; | |
| | # NOTE(review): the shared secret is passed as an option value, so it presumably ends up in the generated config in the world-readable Nix store; the NixOS coturn module also offers static-auth-secret-file for reading it from a protected path. | |
38 | static-auth-secret = config.myEnv.coturn.auth_access_key; | |
39 | #cert = "/var/lib/acme/eldiron/fullchain.pem"; | |
40 | #pkey = "/var/lib/acme/eldiron/key.pem"; | |
| | # Listen on loopback plus the IPv4 and IPv6 address lists from config.myEnv.servers.eldiron.ips.main. | |
41 | listening-ips = [ | |
42 | "127.0.0.1" | |
43 | "::1" | |
05becbbb IB |
44 | ] ++ config.myEnv.servers.eldiron.ips.main.ip4 |
45 | ++ config.myEnv.servers.eldiron.ips.main.ip6; | |
a3ac9c84 IB |
| | # Relay addresses use the same set as listening-ips: loopback plus the host's main IPv4 and IPv6 lists. | |
46 | relay-ips = [ |
47 | "127.0.0.1" | |
48 | "::1" | |
05becbbb IB |
49 | ] ++ config.myEnv.servers.eldiron.ips.main.ip4 |
50 | ++ config.myEnv.servers.eldiron.ips.main.ip6; | |
a3ac9c84 IB |
51 | }; |
52 | }; | |
53 | } |