Squash changes containing private information
[perso/Immae/Config/Nix.git] / systems / eldiron / coturn.nix
# NixOS module configuring the coturn TURN server.
# Everything under `config` is wrapped in lib.mkIf and only applies when the
# module argument `name` is "eldiron".
{ config, name, lib, pkgs, ... }:
let
  # Evaluated coturn options; the firewall rules below are derived from them
  # so the opened ports always follow the service configuration.
  turn = config.services.coturn;

  # The four listener ports, opened for both TCP and UDP.
  # NOTE(review): no-tls and no-dtls are both set below, yet the two *-tls-*
  # ports are still opened in the firewall. Confirm whether coturn still
  # listens on them in this mode; if not, drop them from the allow-list.
  signallingPorts = [
    turn.alt-listening-port
    turn.alt-tls-listening-port
    turn.listening-port
    turn.tls-listening-port
  ];

  # Relay allocation range (min-port..max-port), opened for both TCP and UDP.
  relayPortRange = { from = turn.min-port; to = turn.max-port; };

  # Loopback plus the host's main IPv4/IPv6 addresses; used for both the
  # listening addresses and the relay addresses.
  # NOTE(review): loopback also ends up in relay-ips. Confirm that is intended.
  mainIps = config.myEnv.servers.eldiron.ips.main;
  boundAddresses = [ "127.0.0.1" "::1" ] ++ mainIps.ip4 ++ mainIps.ip6;
in
{
  config = lib.mkIf (name == "eldiron") {
    # Descriptive metadata about the service; the option itself is declared
    # elsewhere (myServices.chatonsProperties).
    myServices.chatonsProperties.services.coturn = {
      file.datetime = "2022-08-27T19:00:00";
      service = {
        name = "Coturn";
        description = "coturn TURN server";
        status = {
          level = "OK";
          description = "OK";
        };
        registration = {
          "" = [ "MEMBER" "CLIENT" ];
          load = "FULL";
        };
        install.type = "PACKAGE";
      };
      software = {
        name = "coturn";
        website = "https://github.com/coturn/coturn";
        license = {
          url = "https://github.com/coturn/coturn/blob/master/LICENSE";
          name = "3-Clause BSD License";
        };
        version = pkgs.coturn.version;
        source.url = "https://github.com/coturn/coturn";
      };
    };

    networking.firewall = {
      allowedTCPPorts = signallingPorts;
      allowedTCPPortRanges = [ relayPortRange ];
      allowedUDPPortRanges = [ relayPortRange ];
      allowedUDPPorts = signallingPorts;
    };

    #users.users.turnserver.extraGroups = [ "keys" ];
    services.coturn = {
      enable = true;
      # Disables coturn's CLI management interface.
      no-cli = true;
      # TLS and DTLS listeners are disabled, so TURN traffic to this server is
      # not transport-encrypted; the certificate paths below stay commented out.
      no-tls = true;
      no-dtls = true;
      # NOTE(review): both the shared-secret (TURN REST API) mechanism and
      # lt-cred-mech are switched on. Confirm that both are needed.
      use-auth-secret = true;
      lt-cred-mech = true;
      realm = "eldiron.immae.eu";
      # Raw lines appended to the generated coturn configuration.
      # total-quota=0 and bps-capacity=0 are coturn's "no limit" values, so
      # neither the number of allocations nor the bandwidth is capped here.
      # no-multicast-peers refuses relaying to multicast addresses.
      # NOTE(review): no denied-peer-ip ranges are set. Consider denying
      # private and link-local ranges so the relay cannot be pointed at
      # internal services.
      extraConfig = ''
        fingerprint
        total-quota=0
        bps-capacity=0
        stale-nonce
        no-multicast-peers
      '';
      # NOTE(review): the secret is passed as a plain Nix string, so it likely
      # ends up in the generated config inside the world-readable /nix/store.
      # The NixOS coturn module also offers static-auth-secret-file, which reads
      # the secret from a file at service start instead.
      static-auth-secret = config.myEnv.coturn.auth_access_key;
      #cert = "/var/lib/acme/eldiron/fullchain.pem";
      #pkey = "/var/lib/acme/eldiron/key.pem";
      listening-ips = boundAddresses;
      relay-ips = boundAddresses;
    };
  };
}