WIP: chore(coturn): Switch to letsencrypt certificate
This commit is contained in:
parent
586ab969a4
commit
c04e10b312
GPG key ID:
49670FD774E43268
configuration/services
|
|
@ -59,11 +59,8 @@ in
|
|||
relay-ips = [ "116.202.158.55" ];
|
||||
|
||||
# SSL config
|
||||
#
|
||||
# TODO(tlater): Switch to letsencrypt once google fix:
|
||||
# https://github.com/vector-im/element-android/issues/1533
|
||||
pkey = config.sops.secrets."turn/ssl-key".path;
|
||||
cert = config.sops.secrets."turn/ssl-cert".path;
|
||||
pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
|
||||
cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
|
||||
|
||||
# Based on suggestions from
|
||||
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md
|
||||
|
|
|
|||
|
|
@ -20,6 +20,16 @@ in
|
|||
timeout = "5s";
|
||||
http.preferred_ip_protocol = "ip4";
|
||||
};
|
||||
|
||||
turn_server = {
|
||||
prober = "tcp";
|
||||
timeout = "5s";
|
||||
tcp = {
|
||||
preferred_ip_protocol = "ip4";
|
||||
source_ip_address = "116.202.158.55";
|
||||
tls = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -40,6 +40,30 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
blackbox_turn = {
|
||||
targets = [ "turn.tlater.net:${toString config.services.coturn.tls-listening-port}" ];
|
||||
|
||||
extraSettings = {
|
||||
metrics_path = "/probe";
|
||||
params.module = [ "turn_server" ];
|
||||
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__address__" ];
|
||||
target_label = "__param_target";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__param_target" ];
|
||||
target_label = "instance";
|
||||
}
|
||||
{
|
||||
target_label = "__address__";
|
||||
replacement = "${blackbox_host}:${toString blackbox_port}";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
blackbox_exporter.targets = [ "${blackbox_host}:${toString blackbox_port}" ];
|
||||
|
||||
coturn.targets = [ "127.0.0.1:9641" ];
|
||||
|
|
|
|||
Loading…
Reference in a new issue