Squash changes containing private information

[perso/Immae/Config/Nix.git] / systems / eldiron / coturn.nix
diff --git a/systems/eldiron/coturn.nix b/systems/eldiron/coturn.nix

new file mode 100644 (file)

index 0000000..d8b02c5
--- /dev/null
+++ b/systems/eldiron/coturn.nix
@@ -0,0 +1,73 @@
+{ config, name, lib, pkgs, ... }:
+{
+  config = lib.mkIf (name == "eldiron") {
+    myServices.chatonsProperties.services.coturn = {
+      file.datetime = "2022-08-27T19:00:00";
+      service = {
+        name = "Coturn";
+        description = "coturn TURN server";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "FULL";
+        install.type = "PACKAGE";
+      };
+      software = {
+        name = "coturn";
+        website = "https://github.com/coturn/coturn";
+        license.url = "https://github.com/coturn/coturn/blob/master/LICENSE";
+        license.name = "3-Clause BSD License";
+        version = pkgs.coturn.version;
+        source.url = "https://github.com/coturn/coturn";
+      };
+    };
+    networking.firewall.allowedTCPPorts = [
+      config.services.coturn.alt-listening-port
+      config.services.coturn.alt-tls-listening-port
+      config.services.coturn.listening-port
+      config.services.coturn.tls-listening-port
+    ];
+    networking.firewall.allowedTCPPortRanges = [
+      { from = config.services.coturn.min-port; to = config.services.coturn.max-port; }
+    ];
+    networking.firewall.allowedUDPPortRanges = [
+      { from = config.services.coturn.min-port; to = config.services.coturn.max-port; }
+    ];
+    networking.firewall.allowedUDPPorts = [
+      config.services.coturn.alt-listening-port
+      config.services.coturn.alt-tls-listening-port
+      config.services.coturn.listening-port
+      config.services.coturn.tls-listening-port
+    ];
+    #users.users.turnserver.extraGroups = [ "keys" ];
+    services.coturn = {
+      enable = true;
+      no-cli = true;
+      no-tls = true;
+      no-dtls = true;
+      use-auth-secret = true;
+      lt-cred-mech = true;
+      realm = "eldiron.immae.eu";
+      extraConfig = ''
+        fingerprint
+        total-quota=0
+        bps-capacity=0
+        stale-nonce
+        no-multicast-peers
+      '';
+      static-auth-secret = config.myEnv.coturn.auth_access_key;
+      #cert = "/var/lib/acme/eldiron/fullchain.pem";
+      #pkey = "/var/lib/acme/eldiron/key.pem";
+      listening-ips = [
+        "127.0.0.1"
+        "::1"
+      ] ++ config.myEnv.servers.eldiron.ips.main.ip4
+        ++ config.myEnv.servers.eldiron.ips.main.ip6;
+      relay-ips = [
+        "127.0.0.1"
+        "::1"
+      ] ++ config.myEnv.servers.eldiron.ips.main.ip4
+        ++ config.myEnv.servers.eldiron.ips.main.ip6;
+    };
+  };
+}