diff --git a/hosts/tsuki/services/matrix/coturn.nix b/hosts/tsuki/services/matrix/coturn.nix
index 91147b0..f438b2c 100644
--- a/hosts/tsuki/services/matrix/coturn.nix
+++ b/hosts/tsuki/services/matrix/coturn.nix
@@ -1,10 +1,11 @@
-{ config, secrets, ... }:
+{ config, lib, secrets, ... }:
 let
   cfg = config.services.coturn;
 in
 {
   services.coturn = let
-    certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
+    # certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
+    certName = "nani.wtf";
     certDir = config.security.acme.certs.${certName}.directory;
   in rec {
     enable = true;
@@ -46,4 +47,19 @@ in
       denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
     '';
   };
+
+  networking.firewall = lib.mkIf cfg.enable {
+    interfaces.enp2s0 = let
+      range = [{
+        from = cfg.min-port;
+        to = cfg.max-port;
+      }];
+    in
+    {
+      allowedUDPPortRanges = range;
+      allowedUDPPorts = [ cfg.listening-port ];
+      allowedTCPPortRanges = range;
+      allowedTCPPorts = [ cfg.listening-port ];
+    };
+  };
 }
diff --git a/hosts/tsuki/services/matrix/default.nix b/hosts/tsuki/services/matrix/default.nix
index 0f9e50e..bf0c8b0 100644
--- a/hosts/tsuki/services/matrix/default.nix
+++ b/hosts/tsuki/services/matrix/default.nix
@@ -94,19 +94,4 @@
   };
 
   services.redis.servers."".enable = true;
-
-  networking.firewall = {
-    interfaces.enp2s0 = let
-      range = [{
-        from = config.services.coturn.min-port;
-        to = config.services.coturn.max-port;
-      }];
-    in
-    {
-      allowedUDPPortRanges = range;
-      allowedUDPPorts = [ config.services.coturn.listening-port ];
-      allowedTCPPortRanges = range;
-      allowedTCPPorts = [ config.services.coturn.listening-port ];
-    };
-  };
 }
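Review bot: `certName = "nani.wtf"` pins coturn's certificate to a literal that is no longer tied to `cfg.realm`, so if the realm differs from or later drifts away from `nani.wtf`, coturn will present a certificate for a name TURN clients do not expect and TLS connections will fail; deriving it from the realm, `certName = cfg.realm;`, keeps the two in step, assuming an ACME certificate exists under that name (the `certDir` lookup on the next line fails evaluation otherwise). The old lookup is left behind as a commented-out line with no explanation; either delete it or replace it with a one-line comment giving the reason the nginx `useACMEHost` lookup was dropped, so the next reader does not simply restore it. The `services.coturn` attribute set continues past the end of this hunk.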
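Review bot: Only `cfg.listening-port` is opened on `enp2s0`, while the same module wires ACME certificates into coturn; if TURN over TLS is intended, `cfg.tls-listening-port` (5349 by default) stays blocked unless it is opened elsewhere, and the lists should read `allowedUDPPorts = [ cfg.listening-port cfg.tls-listening-port ];` and likewise for `allowedTCPPorts`. The whole `min-port`–`max-port` relay range is also opened for TCP; unless TCP relay allocations (RFC 6062) are actually needed, dropping `allowedTCPPortRanges` and setting `no-tcp-relay` in coturn's config shrinks the exposed surface to what the service uses. Gating the rules on `cfg.enable` with `lib.mkIf` is a good move; a short comment that `enp2s0` is the host's Internet-facing interface would make the hard-coded interface name self-explanatory.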