feat(services/prosody): coturn (stun&turn)!

Kat Inskip 2022-10-07 10:54:33 -07:00
parent bbd8b51080
commit bf0ce96fce
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
2 changed files with 42 additions and 8 deletions


@ -1,15 +1,15 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: with lib; let
ctcfg = config.services.coturn;
with lib; in {
{
networks.internet = { networks.internet = {
extra_domains = [ extra_domains = [
"xmpp.kittywit.ch" "xmpp.kittywit.ch"
"conference.kittywit.ch" "conference.kittywit.ch"
"upload.kittywit.ch" "upload.kittywit.ch"
"turn.kittywit.ch"
]; ];
tcp = [ tcp = [
# XMPP
5000 5000
5222 5222
5223 5223
@ -18,6 +18,18 @@ with lib;
5281 5281
5347 5347
5582 5582
# TURN/STUN
ctcfg.listening-port
ctcfg.alt-listening-port
ctcfg.tls-listening-port
ctcfg.alt-tls-listening-port
];
udp = [
ctcfg.listening-port
ctcfg.alt-listening-port
ctcfg.tls-listening-port
ctcfg.alt-tls-listening-port
[ ctcfg.min-port ctcfg.max-port ]
]; ];
}; };
@ -29,10 +41,30 @@ with lib;
}]; }];
}; };
secrets = {
variables.turn-external-secret = {
path = "gensokyo/coturn";
field = "static-auth";
};
files.turn-external-secret = {
text = tf.variables.turn-external-secret.ref;
owner = "prosody";
group = "domain-auth";
};
};
services.coturn = {
enable = true;
cert = config.networks.internet.cert_path;
pkey = config.networks.internet.key_path;
static-auth-secret-file = config.files.turn-external-secret.path;
realm = "turn.kittywit.ch";
};
services.prosody = { services.prosody = {
enable = true; enable = true;
ssl.cert = "/var/lib/acme/prosody/fullchain.pem"; ssl.cert = config.networks.internet.cert_path;
ssl.key = "/var/lib/acme/prosody/key.pem"; ssl.key = config.networks.internet.key_path;
admins = singleton "kat@kittywit.ch"; admins = singleton "kat@kittywit.ch";
package = package =
let let
@ -49,6 +81,8 @@ with lib;
database = "prosody"; database = "prosody";
username = "prosody"; username = "prosody";
} }
turn_external_host = "turn.kittywit.ch"
turn_external_secret = "${tf.variables.turn-external-secret.import}"
''; '';
virtualHosts = { virtualHosts = {
"xmpp.kittywit.ch" = { "xmpp.kittywit.ch" = {
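Review bot: The added line `turn_external_secret = "${tf.variables.turn-external-secret.import}"` interpolates the TURN shared secret into the Prosody config text at evaluation time. If `.import` resolves to the plaintext value, the secret lands in the generated Prosody configuration in the Nix store, which is world-readable on the host. The same commit already declares `files.turn-external-secret` with `owner = "prosody"`, so the config could read the secret from that file's path at runtime and keep the value out of the store. That file is also what `static-auth-secret-file` points coturn at, and it is owned by `prosody` with group `domain-auth`, so it is worth confirming that the coturn service user is in `domain-auth`; otherwise coturn may start without the shared secret. The config string and the `services.prosody` block begin and end outside the visible hunks.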

2
tf

@ -1 +1 @@
Subproject commit 6cf9c879c18a5b8aac7c4ee2489e72f949e99311 Subproject commit 71bc984387b2b901f430a6271964973550e101c7