--- /dev/null
+{ config, name, lib, ... }:
+{
+ config = lib.mkIf (name == "eldiron") {
+ networking.firewall.allowedTCPPorts = [
+ config.services.coturn.alt-listening-port
+ config.services.coturn.alt-tls-listening-port
+ config.services.coturn.listening-port
+ config.services.coturn.tls-listening-port
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ { from = config.services.coturn.min-port; to = config.services.coturn.max-port; }
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ { from = config.services.coturn.min-port; to = config.services.coturn.max-port; }
+ ];
+ networking.firewall.allowedUDPPorts = [
+ config.services.coturn.alt-listening-port
+ config.services.coturn.alt-tls-listening-port
+ config.services.coturn.listening-port
+ config.services.coturn.tls-listening-port
+ ];
+ #users.users.turnserver.extraGroups = [ "keys" ];
+ services.coturn = {
+ enable = true;
+ no-cli = true;
+ no-tls = true;
+ no-dtls = true;
+ use-auth-secret = true;
+ lt-cred-mech = true;
+ realm = "eldiron.immae.eu";
+ extraConfig = ''
+ fingerprint
+ total-quota=0
+ bps-capacity=0
+ stale-nonce
+ no-multicast-peers
+ '';
+ static-auth-secret = config.myEnv.coturn.auth_access_key;
+ #cert = "/var/lib/acme/eldiron/fullchain.pem";
+ #pkey = "/var/lib/acme/eldiron/key.pem";
+ listening-ips = [
+ "127.0.0.1"
+ "::1"
+ config.myEnv.servers.eldiron.ips.main.ip4
+ ] ++ config.myEnv.servers.eldiron.ips.main.ip6;
+ relay-ips = [
+ "127.0.0.1"
+ "::1"
+ config.myEnv.servers.eldiron.ips.main.ip4
+ ] ++ config.myEnv.servers.eldiron.ips.main.ip6;
+ };
+ };
+}