conduit: Enable TURNS with a ZeroSSL-provided certificate
This commit is contained in:
parent
997707021b
commit
a28d385b17
|
@ -66,11 +66,15 @@
|
|||
|
||||
config.services.coturn.listening-port
|
||||
config.services.coturn.tls-listening-port
|
||||
config.services.coturn.alt-listening-port
|
||||
config.services.coturn.alt-tls-listening-port
|
||||
];
|
||||
|
||||
allowedUDPPorts = [
|
||||
config.services.coturn.listening-port
|
||||
config.services.coturn.tls-listening-port
|
||||
config.services.coturn.alt-listening-port
|
||||
config.services.coturn.alt-tls-listening-port
|
||||
];
|
||||
|
||||
allowedUDPPortRanges = [
|
||||
|
|
|
@ -22,6 +22,8 @@ in {
|
|||
in [
|
||||
"turn:${address}?transport=udp"
|
||||
"turn:${address}?transport=tcp"
|
||||
"turns:${tls-address}?transport=udp"
|
||||
"turns:${tls-address}?transport=tcp"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
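Review bot: The two new `turns:` entries reference `${tls-address}`, whose definition lies outside this hunk (the `let` binding the `in [` on the first line belongs to is not visible), so it is worth checking that the value is the DNS name the ZeroSSL certificate was issued for rather than the literal IP the plain `turn:` entries may use, because a TURNS client validates the certificate against the host in the URI. `turns:…?transport=udp` means DTLS, which not every WebRTC client attempts; keeping the plain `turn:` entries before it, as the hunk does, preserves a fallback. A short comment above the list would save the next reader the lookup, e.g. `# turns: URIs must use the hostname on the TLS certificate, not the bare IP`.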
@ -34,6 +36,7 @@ in {
|
|||
|
||||
services.coturn = {
|
||||
enable = true;
|
||||
no-cli = true;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret-file = config.sops.secrets."turn/secret".path;
|
||||
realm = turn-realm;
|
||||
|
@ -41,6 +44,13 @@ in {
|
|||
"178.79.137.55"
|
||||
];
|
||||
|
||||
# SSL config
|
||||
#
|
||||
# TODO(tlater): Switch to letsencrypt once google fix:
|
||||
# https://github.com/vector-im/element-android/issues/1533
|
||||
pkey = config.sops.secrets."turn/ssl-key".path;
|
||||
cert = config.sops.secrets."turn/ssl-cert".path;
|
||||
|
||||
# Based on suggestions from
|
||||
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
|
||||
# and
|
||||
|
|
|
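Review bot: `cert = config.sops.secrets."turn/ssl-cert".path;` points coturn at a single secret, and for a ZeroSSL-issued certificate that file needs to contain the full chain (leaf followed by the intermediate), otherwise TLS/DTLS clients that do not already trust the intermediate will reject the handshake even though the server starts cleanly; a comment stating that the secret holds the concatenated chain would make that contract explicit, e.g. `# must contain the leaf certificate followed by the ZeroSSL intermediate(s)`. Because the certificate and key are delivered through sops rather than an ACME client, nothing in this commit renews them; the expiry date is a manual obligation and the note above the TODO could say so. The enclosing `services.coturn` attribute set starts in an earlier hunk and the comment block ends outside this one.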
@ -10,5 +10,11 @@
|
|||
secrets."turn/secret" = {
|
||||
owner = "turnserver";
|
||||
};
|
||||
secrets."turn/ssl-key" = {
|
||||
owner = "turnserver";
|
||||
};
|
||||
secrets."turn/ssl-cert" = {
|
||||
owner = "turnserver";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
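Review bot: The new `secrets."turn/ssl-key"` and `secrets."turn/ssl-cert"` entries set only `owner = "turnserver";`, so when the certificate is rotated a deploy rewrites the files but the running coturn keeps the old key and certificate in memory until it is restarted; if the sops-nix version pinned here supports it, `restartUnits = [ "coturn.service" ];` on both entries closes that gap (the exact unit name should be confirmed against the module). The sops default file mode is restrictive, which is right for the key; the certificate is public but keeping it under the same owner does no harm. Both additions sit inside an attribute set whose opening is outside this hunk.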