tsuki/coturn: use default certificate

2024-11-15 12:15:32 +01:00 · 2024-11-15 12:15:32 +01:00 · 2b8a661288
parent 4371bf9bd0
commit 2b8a661288
2 changed files with 18 additions and 17 deletions
--- a/hosts/tsuki/services/matrix/coturn.nix
+++ b/hosts/tsuki/services/matrix/coturn.nix
@ -1,10 +1,11 @@
-{ config, secrets, ... }:
+{ config, lib, secrets, ... }:
 let
  cfg = config.services.coturn;
 in
 {
  services.coturn = let
-    certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
+    # certName = config.services.nginx.virtualHosts.${cfg.realm}.useACMEHost;
+    certName = "nani.wtf";
    certDir = config.security.acme.certs.${certName}.directory;
  in rec {
    enable = true;
@ -46,4 +47,19 @@ in
      denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    '';
  };
+
+  networking.firewall = lib.mkIf cfg.enable {
+    interfaces.enp2s0 = let
+      range = [{
+        from = cfg.min-port;
+        to = cfg.max-port;
+      }];
+    in
+    {
+      allowedUDPPortRanges = range;
+      allowedUDPPorts = [ cfg.listening-port ];
+      allowedTCPPortRanges = range;
+      allowedTCPPorts = [ cfg.listening-port ];
+    };
+  };
 }
--- a/hosts/tsuki/services/matrix/default.nix
+++ b/hosts/tsuki/services/matrix/default.nix
@ -94,19 +94,4 @@
  };

  services.redis.servers."".enable = true;
-
-  networking.firewall = {
-    interfaces.enp2s0 = let
-      range = [{
-        from = config.services.coturn.min-port;
-        to = config.services.coturn.max-port;
-      }];
-    in
-    {
-      allowedUDPPortRanges = range;
-      allowedUDPPorts = [ config.services.coturn.listening-port ];
-      allowedTCPPortRanges = range;
-      allowedTCPPorts = [ config.services.coturn.listening-port ];
-    };
-  };
 }