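# NixOS module for the coturn TURN server on host "eldiron": fills in
# myServices.chatonsProperties.services.coturn, opens the firewall for the
# listener and relay ports, and configures services.coturn itself.
{ config, name, lib, pkgs, ... }:
let
  # Resolved coturn options; the firewall rules below are derived from them
  # so the two cannot drift apart.
  cfg = config.services.coturn;

  # Plain (non-TLS) TURN listener ports, used for both TCP and UDP.
  plainPorts = [ cfg.alt-listening-port cfg.listening-port ];
  # TLS (TCP) / DTLS (UDP) listener ports.
  tlsPorts = [ cfg.alt-tls-listening-port cfg.tls-listening-port ];
  # Port range coturn allocates relay endpoints from.
  relayRange = { from = cfg.min-port; to = cfg.max-port; };

  # Loopback plus the host's main ip4/ip6 addresses from myEnv; used for both
  # the listening and the relay addresses.
  serviceIps = [ "127.0.0.1" "::1" ]
    ++ config.myEnv.servers.eldiron.ips.main.ip4
    ++ config.myEnv.servers.eldiron.ips.main.ip6;
in
{
  config = lib.mkIf (name == "eldiron") {
    myServices.chatonsProperties.services.coturn = {
      file.datetime = "2022-08-27T19:00:00";
      service = {
        name = "Coturn";
        description = "coturn TURN server";
        status.level = "OK";
        status.description = "OK";
        registration."" = ["MEMBER" "CLIENT"];
        registration.load = "FULL";
        install.type = "PACKAGE";
      };
      software = {
        name = "coturn";
        website = "https://github.com/coturn/coturn";
        license.url = "https://github.com/coturn/coturn/blob/master/LICENSE";
        license.name = "3-Clause BSD License";
        version = pkgs.coturn.version;
        source.url = "https://github.com/coturn/coturn";
      };
    };

    # Least privilege: the TLS/DTLS ports are opened only while the matching
    # transport is enabled. With no-tls / no-dtls set below, coturn is not
    # expected to listen on them, so they were previously open with nothing
    # of ours behind them.
    networking.firewall.allowedTCPPorts =
      plainPorts ++ lib.optionals (!cfg.no-tls) tlsPorts;
    networking.firewall.allowedUDPPorts =
      plainPorts ++ lib.optionals (!cfg.no-dtls) tlsPorts;
    networking.firewall.allowedTCPPortRanges = [ relayRange ];
    networking.firewall.allowedUDPPortRanges = [ relayRange ];

    #users.users.turnserver.extraGroups = [ "keys" ];
    services.coturn = {
      enable = true;
      no-cli = true;
      # TLS and DTLS listeners are disabled (the cert/pkey lines further down
      # are commented out), so TURN control traffic is sent in clear text.
      no-tls = true;
      no-dtls = true;
      # Shared-secret, time-limited credentials on top of the long-term
      # credential mechanism.
      use-auth-secret = true;
      lt-cred-mech = true;
      realm = "eldiron.immae.eu";
      # NOTE(review): total-quota=0 and bps-capacity=0 set no cap on
      # allocations or bandwidth (0 is "unlimited" in coturn, confirm for
      # the deployed version), so any holder of valid credentials can consume
      # the whole relay.
      # NOTE(review): only multicast peers are refused here. No denied-peer-ip
      # ranges are visible in this file, and relay-ips includes loopback, so
      # verify that authenticated clients cannot use the relay to reach
      # loopback or private addresses of this host or network.
      extraConfig = ''
        fingerprint
        total-quota=0
        bps-capacity=0
        stale-nonce
        no-multicast-peers
      '';
      # NOTE(review): the secret is passed as a Nix value, so it likely ends
      # up in the generated turnserver configuration inside the world-readable
      # /nix/store. The NixOS coturn module also offers
      # static-auth-secret-file, which reads the secret from a file at
      # runtime instead. Confirm how myEnv secrets are deployed.
      static-auth-secret = config.myEnv.coturn.auth_access_key;
      #cert = "/var/lib/acme/eldiron/fullchain.pem";
      #pkey = "/var/lib/acme/eldiron/key.pem";
      listening-ips = serviceIps;
      relay-ips = serviceIps;
    };
  };
}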