tsuki/coturn: use default certificate
parent
4371bf9bd0
commit
2b8a661288
@ -1,10 +1,11 @@
|
||||
{ config, secrets, ... }:
|
||||
{ config, lib, secrets, ... }:
|
||||
let
|
||||
cfg = config.services.coturn;
|
||||
in
|
||||
{
|
||||
services.coturn = let
|
||||
certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
|
||||
# certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
|
||||
certName = "nani.wtf";
|
||||
certDir = config.security.acme.certs.${certName}.directory;
|
||||
in rec {
|
||||
enable = true;
|
||||
@ -46,4 +47,19 @@ in
|
||||
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall = lib.mkIf cfg.enable {
|
||||
interfaces.enp2s0 = let
|
||||
range = [{
|
||||
from = cfg.min-port;
|
||||
to = cfg.max-port;
|
||||
}];
|
||||
in
|
||||
{
|
||||
allowedUDPPortRanges = range;
|
||||
allowedUDPPorts = [ cfg.listening-port ];
|
||||
allowedTCPPortRanges = range;
|
||||
allowedTCPPorts = [ cfg.listening-port ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
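Review bot: In the first hunk, `certName = "nani.wtf";` pins the certificate to a literal while the realm still comes from `cfg.realm`, so nothing in the visible lines guarantees that the certificate coturn serves lists the TURN hostname. If it does not, clients that verify the name on TURN-over-TLS will reject the connection, and the usual workaround of disabling verification on the client side is worse than the original problem. The commented-out lookup should either be deleted or replaced by a reason, for example `# realm has no nginx vhost; the nani.wtf cert must carry the realm as a SAN`. In the second hunk only `cfg.listening-port` is opened, so if the certificate is used through `cfg.tls-listening-port` (not visible here), that port needs adding to `allowedTCPPorts` and `allowedUDPPorts` as well. The `services.coturn` block continues outside both hunks, so the TLS and relay settings could not be checked.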
@ -94,19 +94,4 @@
|
||||
};
|
||||
|
||||
services.redis.servers."".enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
interfaces.enp2s0 = let
|
||||
range = [{
|
||||
from = config.services.coturn.min-port;
|
||||
to = config.services.coturn.max-port;
|
||||
}];
|
||||
in
|
||||
{
|
||||
allowedUDPPortRanges = range;
|
||||
allowedUDPPorts = [ config.services.coturn.listening-port ];
|
||||
allowedTCPPortRanges = range;
|
||||
allowedTCPPorts = [ config.services.coturn.listening-port ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|