conduit: Enable TURNS with a ZeroSSL-provided certificate

This commit is contained in:
Tristan Daniël Maat 2022-11-05 22:26:52 +00:00
parent 997707021b
commit a28d385b17
Signed by: tlater
GPG key ID: 49670FD774E43268
4 changed files with 25 additions and 2 deletions

View file

@ -66,11 +66,15 @@
config.services.coturn.listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-listening-port
config.services.coturn.alt-tls-listening-port
];
allowedUDPPorts = [
config.services.coturn.listening-port
config.services.coturn.tls-listening-port
config.services.coturn.alt-listening-port
config.services.coturn.alt-tls-listening-port
];
allowedUDPPortRanges = [

View file

@ -22,6 +22,8 @@ in {
in [
"turn:${address}?transport=udp"
"turn:${address}?transport=tcp"
"turns:${tls-address}?transport=udp"
"turns:${tls-address}?transport=tcp"
];
};
};
@ -34,6 +36,7 @@ in {
services.coturn = {
enable = true;
no-cli = true;
use-auth-secret = true;
static-auth-secret-file = config.sops.secrets."turn/secret".path;
realm = turn-realm;
@ -41,6 +44,13 @@ in {
"178.79.137.55"
];
# SSL config
#
# TODO(tlater): Switch to letsencrypt once google fix:
# https://github.com/vector-im/element-android/issues/1533
pkey = config.sops.secrets."turn/ssl-key".path;
cert = config.sops.secrets."turn/ssl-cert".path;
# Based on suggestions from
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
# and

View file

@ -10,5 +10,11 @@
secrets."turn/secret" = {
owner = "turnserver";
};
secrets."turn/ssl-key" = {
owner = "turnserver";
};
secrets."turn/ssl-cert" = {
owner = "turnserver";
};
};
}

File diff suppressed because one or more lines are too long