chore(coturn): Switch to letsencrypt certificate

Fixes #107
2025-02-16 18:46:25 +08:00 · 2025-02-16 18:46:25 +08:00 · a60cb7f60c
commit a60cb7f60c
parent 586ab969a4
4 changed files with 47 additions and 6 deletions
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@ -53,7 +53,7 @@
        "*.tlater.com"
      ];
      dnsProvider = "porkbun";
-      group = "nginx";
+      group = "ssl-cert";
      credentialFiles = {
        PORKBUN_API_KEY_FILE = config.sops.secrets."porkbun/api-key".path;
        PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets."porkbun/secret-api-key".path;
@ -61,6 +61,12 @@
    };
  };

+  users.groups.ssl-cert = { };
+
+  systemd.services.nginx.serviceConfig.SupplementaryGroups = [
+    config.security.acme.certs."tlater.net".group
+  ];
+
  services.backups.acme = {
    user = "acme";
    paths = lib.mapAttrsToList (