feat(services/prosody): coturn (stun&turn)!
parent
bbd8b51080
commit
bf0ce96fce
2 changed files with 42 additions and 8 deletions
|
|
@ -1,15 +1,15 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
{ config, pkgs, lib, ... }: with lib; let
|
||||
ctcfg = config.services.coturn;
|
||||
in {
|
||||
networks.internet = {
|
||||
extra_domains = [
|
||||
"xmpp.kittywit.ch"
|
||||
"conference.kittywit.ch"
|
||||
"upload.kittywit.ch"
|
||||
"turn.kittywit.ch"
|
||||
];
|
||||
tcp = [
|
||||
# XMPP
|
||||
5000
|
||||
5222
|
||||
5223
|
||||
|
|
@ -18,6 +18,18 @@ with lib;
|
|||
5281
|
||||
5347
|
||||
5582
|
||||
# TURN/STUN
|
||||
ctcfg.listening-port
|
||||
ctcfg.alt-listening-port
|
||||
ctcfg.tls-listening-port
|
||||
ctcfg.alt-tls-listening-port
|
||||
];
|
||||
udp = [
|
||||
ctcfg.listening-port
|
||||
ctcfg.alt-listening-port
|
||||
ctcfg.tls-listening-port
|
||||
ctcfg.alt-tls-listening-port
|
||||
[ ctcfg.min-port ctcfg.max-port ]
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -29,10 +41,30 @@ with lib;
|
|||
}];
|
||||
};
|
||||
|
||||
secrets = {
|
||||
variables.turn-external-secret = {
|
||||
path = "gensokyo/coturn";
|
||||
field = "static-auth";
|
||||
};
|
||||
files.turn-external-secret = {
|
||||
text = tf.variables.turn-external-secret.ref;
|
||||
owner = "prosody";
|
||||
group = "domain-auth";
|
||||
};
|
||||
};
|
||||
|
||||
services.coturn = {
|
||||
enable = true;
|
||||
cert = config.networks.internet.cert_path;
|
||||
pkey = config.networks.internet.key_path;
|
||||
static-auth-secret-file = config.files.turn-external-secret.path;
|
||||
realm = "turn.kittywit.ch";
|
||||
};
|
||||
|
||||
services.prosody = {
|
||||
enable = true;
|
||||
ssl.cert = "/var/lib/acme/prosody/fullchain.pem";
|
||||
ssl.key = "/var/lib/acme/prosody/key.pem";
|
||||
ssl.cert = config.networks.internet.cert_path;
|
||||
ssl.key = config.networks.internet.key_path;
|
||||
admins = singleton "kat@kittywit.ch";
|
||||
package =
|
||||
let
|
||||
|
|
@ -49,6 +81,8 @@ with lib;
|
|||
database = "prosody";
|
||||
username = "prosody";
|
||||
}
|
||||
turn_external_host = "turn.kittywit.ch"
|
||||
turn_external_secret = "${tf.variables.turn-external-secret.import}"
|
||||
'';
|
||||
virtualHosts = {
|
||||
"xmpp.kittywit.ch" = {
|
||||
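Review bot: `turn_external_secret = "${tf.variables.turn-external-secret.import}"` in the Prosody config string looks like it interpolates the TURN shared secret into the generated Prosody config, which on NixOS normally ends up in the world-readable /nix/store; what `.import` expands to is not visible here, so confirm it is not the plaintext value at build time. coturn already receives the secret by path (`static-auth-secret-file`), and Prosody could do the same by using `Include` on a secrets-managed file that holds the `turn_external_secret` line. The secret file is declared with `owner = "prosody"; group = "domain-auth";` while its only visible reader is coturn, so check that the coturn service user can actually read it (group membership and file mode are not shown). The new `services.coturn` block also sets no peer restrictions; consider `no-multicast-peers` and `denied-peer-ip` ranges for loopback and private networks via `extraConfig`, so that relay allocations opened through the `[ ctcfg.min-port ctcfg.max-port ]` UDP range cannot be pointed at internal services. The hunks cut through the surrounding attribute set, so the rest of the Prosody configuration was not reviewed.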
|
|
|
|||
2
tf
2
tf
|
|
@ -1 +1 @@
|
|||
Subproject commit 6cf9c879c18a5b8aac7c4ee2489e72f949e99311
|
||||
Subproject commit 71bc984387b2b901f430a6271964973550e101c7
|
||||