WIP: chore(coturn): Switch to letsencrypt certificate

Fixes 
Tristan Daniël Maat 2025-02-16 18:46:25 +08:00
parent 586ab969a4
commit 2f108e708f
Signed by: tlater
GPG key ID: 49670FD774E43268
4 changed files with 47 additions and 6 deletions
configuration/services/conduit


@ -50,6 +50,10 @@ in
# See also https://gitlab.com/famedly/conduit/-/issues/314
systemd.services.conduit.serviceConfig.EnvironmentFile = config.sops.secrets."turn/env".path;
systemd.services.coturn.serviceConfig.SupplementaryGroups = [
config.security.acme.certs."tlater.net".group
];
services.coturn = {
enable = true;
no-cli = true;
@ -59,11 +63,8 @@ in
relay-ips = [ "116.202.158.55" ];
# SSL config
#
# TODO(tlater): Switch to letsencrypt once google fix:
# https://github.com/vector-im/element-android/issues/1533
pkey = config.sops.secrets."turn/ssl-key".path;
cert = config.sops.secrets."turn/ssl-cert".path;
pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
# Based on suggestions from
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
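Review bot: Nothing in this hunk restarts or reloads coturn when the "tlater.net" certificate is renewed, so the daemon would presumably keep serving the copy of `fullchain.pem`/`key.pem` it loaded at startup until the unit is next restarted; unless one of the other changed files already handles this, add `security.acme.certs."tlater.net".reloadServices = [ "coturn.service" ];`. The new `SupplementaryGroups` entry also gives the TURN daemon, which parses untrusted network traffic, read access to the private key of the whole `tlater.net` certificate; if that certificate is shared with other services, a dedicated certificate for the TURN hostname would limit what a coturn compromise exposes. It is also worth confirming that the certificate's names cover the hostname clients use to reach TURN, which is not visible here. The `services.coturn` attribute set continues past the end of this hunk.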