Try fixing coturn
This commit is contained in:
parent
90fd5f1487
commit
5798f5c473
2 changed files with 15 additions and 8 deletions
@ -3,28 +3,32 @@ let
|
||||||
fqdn = "${config.networking.hostName}.${config.networking.domain}";
|
fqdn = "${config.networking.hostName}.${config.networking.domain}";
|
||||||
key_dir = config.security.acme.certs."${fqdn}".directory;
|
key_dir = config.security.acme.certs."${fqdn}".directory;
|
||||||
in {
|
in {
|
||||||
|
users.users.turnserver.extraGroups = [ "nginx" ]; # For read access to certs;
|
||||||
networking.firewall = let
|
networking.firewall = let
|
||||||
range = [{
|
range = [{
|
||||||
from = config.services.coturn.min-port;
|
from = config.services.coturn.min-port;
|
||||||
to = config.services.coturn.max-port;
|
to = config.services.coturn.max-port;
|
||||||
}];
|
}];
|
||||||
port = [ config.services.coturn.tls-listening-port ];
|
ports = [
|
||||||
|
config.services.coturn.listening-port
|
||||||
|
config.services.coturn.alt-listening-port
|
||||||
|
config.services.coturn.tls-listening-port
|
||||||
|
config.services.coturn.alt-tls-listening-port
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
allowedUDPPortRanges = range;
|
allowedUDPPortRanges = range;
|
||||||
allowedTCPPortRanges = range;
|
allowedTCPPortRanges = range;
|
||||||
allowedTCPPorts = port;
|
allowedTCPPorts = ports;
|
||||||
allowedUDPPorts = port;
|
allowedUDPPorts = ports;
|
||||||
};
|
};
|
||||||
security.acme.certs.${fqdn} = {
|
security.acme.certs.${fqdn} = {
|
||||||
postRun = "systemctl restart coturn.service";
|
postRun = "systemctl restart coturn.service";
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
coturn = {
|
coturn = {
|
||||||
enable = true;
|
enable = true;
|
||||||
use-auth-secret = true;
|
use-auth-secret = true;
|
||||||
no-tcp = true;
|
no-cli = true;
|
||||||
lt-cred-mech = true;
|
|
||||||
no-tcp-relay = true;
|
no-tcp-relay = true;
|
||||||
min-port = 52000;
|
min-port = 52000;
|
||||||
max-port = 52100;
|
max-port = 52100;
|
||||||
@ -33,6 +37,7 @@ in {
|
||||||
static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
|
static-auth-secret = (pkgs.privateValue { turn_shared_secret = ""; }
|
||||||
"matrix/server-secrets").turn_shared_secret;
|
"matrix/server-secrets").turn_shared_secret;
|
||||||
realm = fqdn;
|
realm = fqdn;
|
||||||
|
listening-ips = [ config.m-0.hosts.hera config.m-0.hosts.hera-v4 ];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
fingerprint
|
fingerprint
|
||||||
|
|
||||||
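Review bot: The added `users.users.turnserver.extraGroups = [ "nginx" ];` gives the turnserver user read access to everything the nginx group can read, not just the certificate under `config.security.acme.certs."${fqdn}".directory`; a narrower fix is to set that certificate's group to a dedicated group that both nginx and turnserver join, and the stray `;` at the end of the `# For read access to certs;` comment should go. In the same hunk, dropping `no-tcp = true` turns TCP listeners on and the firewall now opens the plaintext `listening-port`/`alt-listening-port` as well as the TLS ports on both protocols, which matches the new `turn:` URIs but widens the exposed surface; the `no-cli = true` replacement is a good hardening step. The `extraConfig` block is cut at the hunk edge and only `fingerprint` is visible, so I cannot tell whether relay peers are restricted — if it does not already carry the usual coturn peer restrictions (`no-multicast-peers` plus `denied-peer-ip` ranges for loopback and private networks), a publicly reachable relay can be used to forward traffic to internal addresses, so that is worth confirming in the part outside this view.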
@ -59,9 +59,11 @@ in {
|
||||||
dynamic_thumbnails = true;
|
dynamic_thumbnails = true;
|
||||||
turn_shared_secret = config.services.coturn.static-auth-secret;
|
turn_shared_secret = config.services.coturn.static-auth-secret;
|
||||||
turn_uris = let
|
turn_uris = let
|
||||||
turn_server =
|
turns =
|
||||||
"turns:${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
|
"turns:${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
|
||||||
in [ "${turn_server}?transport=udp" "${turn_server}?transport=tcp" ];
|
turn =
|
||||||
|
"turn:${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
|
||||||
|
in [ "${turns}?transport=udp" "${turns}?transport=tcp" "${turn}?transport=udp" "${turn}?transport=tcp" ];
|
||||||
turn_user_lifetime = "24h";
|
turn_user_lifetime = "24h";
|
||||||
allow_guest_access = true;
|
allow_guest_access = true;
|
||||||
logConfig = ''
|
logConfig = ''
|
||||||
|
|
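Review bot: The new `in [ "${turns}?transport=udp" "${turns}?transport=tcp" "${turn}?transport=udp" "${turn}?transport=tcp" ];` line is far wider than the rest of the file; list the four URIs one per line so that adding or removing a transport later diffs cleanly. Since `allow_guest_access = true` sits in the same block and synapse hands out TURN credentials to guest accounts unless `turn_allow_guests` is disabled, the newly advertised plaintext `turn:` relays become reachable through unauthenticated guest sign-ups as well; if that is not intended, disable `turn_allow_guests` alongside this change (via `extraConfig` if the module does not expose it). The `turn_uris` let-binding is complete within the hunk.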