tsuki/coturn: use default certificate

Oystein Kristoffer Tveit 2024-11-15 12:15:32 +01:00
parent 4371bf9bd0
commit 2b8a661288
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
2 changed files with 18 additions and 17 deletions


@ -1,10 +1,11 @@
{ config, secrets, ... }: { config, lib, secrets, ... }:
let let
cfg = config.services.coturn; cfg = config.services.coturn;
in in
{ {
services.coturn = let services.coturn = let
certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost; # certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
certName = "nani.wtf";
certDir = config.security.acme.certs.${certName}.directory; certDir = config.security.acme.certs.${certName}.directory;
in rec { in rec {
enable = true; enable = true;
@ -46,4 +47,19 @@ in
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
''; '';
}; };
networking.firewall = lib.mkIf cfg.enable {
interfaces.enp2s0 = let
range = [{
from = cfg.min-port;
to = cfg.max-port;
}];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ cfg.listening-port ];
allowedTCPPortRanges = range;
allowedTCPPorts = [ cfg.listening-port ];
};
};
} }
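Review bot: The hard-coded `certName = "nani.wtf";` at the top of the `services.coturn` let-block no longer derives the certificate from `cfg.realm`, so nothing on the visible lines guarantees that the ACME certificate named here lists the TURN realm's hostname among its domains; if it does not, clients that verify the server name will reject the TLS listener. The commented-out lookup would be better replaced by a short explanation than left as dead code, for example `# shared ACME cert; its domains must include cfg.realm`. Separately, the firewall block moved into this file opens only `cfg.listening-port` and the relay range on enp2s0; if the TLS listener is meant to be reachable on that interface, `cfg.tls-listening-port` presumably needs to be added to `allowedTCPPorts` and `allowedUDPPorts`, unless it is opened elsewhere. The coturn attribute set continues outside both hunks, so how `certDir` is consumed is not visible here.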


@ -94,19 +94,4 @@
}; };
services.redis.servers."".enable = true; services.redis.servers."".enable = true;
networking.firewall = {
interfaces.enp2s0 = let
range = [{
from = config.services.coturn.min-port;
to = config.services.coturn.max-port;
}];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ config.services.coturn.listening-port ];
allowedTCPPortRanges = range;
allowedTCPPorts = [ config.services.coturn.listening-port ];
};
};
} }