chore(nix): add coturn secrets
This commit is contained in:
parent
d87c0e5ba1
commit
1da3032909
|
@ -5,7 +5,14 @@
|
|||
lib,
|
||||
...
|
||||
}: {
|
||||
imports = [../secrets/coturn.nix];
|
||||
age.secrets = {
|
||||
coturn = {
|
||||
file = ../secrets/coturn.age;
|
||||
owner = "turnserver";
|
||||
group = "turnserver";
|
||||
mode = "0640";
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
coturn = {
|
||||
|
@ -20,6 +27,7 @@
|
|||
no-tcp-relay = true; # Disable TCP relay endpoints
|
||||
extraConfig = "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n ";
|
||||
secure-stun = true; # Require authentication of the STUN Binding request
|
||||
static-auth-secret-file = config.age.secrets.coturn.path;
|
||||
cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem";
|
||||
pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem";
|
||||
min-port = 49152; # Lower bound of UDP relay endpoints
|
||||
|
|
|
@ -5,8 +5,6 @@
|
|||
lib,
|
||||
...
|
||||
}: {
|
||||
imports = [../secrets/matrix.nix];
|
||||
|
||||
i18n = {
|
||||
extraLocaleSettings = {
|
||||
LC_COLLATE = "C.UTF-8"; # Ensure correct locale for postgres
|
||||
|
@ -66,7 +64,7 @@
|
|||
server_name = "mcwhirter.io"; # Server's public domain name
|
||||
tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
|
||||
tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
|
||||
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
|
||||
turn_shared_secret = config.services.coturn.static-auth-secret;
|
||||
turn_uris = [
|
||||
"turn:turn.mcwhirter.io:5349?transport=udp"
|
||||
"turn:turn.mcwhirter.io:5350?transport=udp"
|
||||
|
|
35
secrets/coturn.age
Normal file
35
secrets/coturn.age
Normal file
|
@ -0,0 +1,35 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSB4c1pK
|
||||
YkY3THNkS1BXN3F0bVlkYjB0S0syQzNEbDJNVit2M2Rab2RCSjJ3CnpTM3k0QnVE
|
||||
UWU2QU8yV01rY2FuaGJsZTZjd2dWY2ViT3BxWExhUTRNU1UKLT4gc3NoLWVkMjU1
|
||||
MTkgSk00dDZBIFlJQjJGOHpkQXJtdkM3QkxSdEtTeDVzU3Y1MzNtVWZOU0tDRDd2
|
||||
blJJZzQKdWlTVi9sN0wvd1NIQUVhV0RXUktIQW12aUdaWDRUUUlkeXB3QVRENndS
|
||||
bwotPiBzc2gtZWQyNTUxOSA5aEV5RFEgVHBrRk5LbHpPSkFNTVVFTXRJQW03RkJQ
|
||||
QWkzdDQ2RCt1aHpTdHdZTnlrRQpVYkRDTzhtQ0lYMnlZV3pFZlgxdzBVVkdMeVQz
|
||||
WlJkQjIvUlNaNmgwbkZjCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBndVpMWnNOVzZO
|
||||
VTRHRlc2NHU0UkEzMEpOWHByUXluVFpSOCtRWVhEcHpNCnhIaUhUUHVjTlhPY0lW
|
||||
TFd2MmIvNForbjZPZFJKVDh3QWZSejh1V1hSVmMKLT4gc3NoLWVkMjU1MTkgV2c5
|
||||
M3J3IGErUzhFd0tUUndMbmVqakt3SE0yd2Y0TGRSRjBoMVFPR2RPMzV3V0RHbTgK
|
||||
eHo5dE1oM0RNL0RuZEVMWThlUUJiZGI2VmZvVDlpY21WMisrR01oK3VmSQotPiBz
|
||||
c2gtZWQyNTUxOSBQeEt3alEgVUwyL3VFUVlSYjQ0OFhweUxOWTNablQxU01KZjBD
|
||||
eUNrd2wwMVlwZFJFRQpPWjUra3k2TE81R3V6WXRFY2pXWXVvVS9qRjZOMjdPZHVu
|
||||
Ri9lV3poKzRFCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBpa0NxNTJnNXZNZ0JtUmly
|
||||
cldrTVZ0MFU1d0R1ZnNzUUNOR0RmdWlTUmljCnhuWmdZNndwVW8vYWlxclZQK0FM
|
||||
RVVnN0dWZ212U1pvdUd0dnB6SmtUNnMKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIDFs
|
||||
ZEtBZlc4MDNmcWtXUU9mKytZN2NxUmJ6SFZvcFBkditiNE1CN0piaWsKajJWMHVQ
|
||||
bHh6ekV1d3M2T1RzaVdDZFhaNlJyOFRlUGV1YnloZFo0OHl3MAotPiBzc2gtZWQy
|
||||
NTUxOSAwZHBkZ1Egd3doZGorWWpPem1kak42dWRicGV3ZVlKYjkwaUxEQXZQcDdU
|
||||
SkN3a29Scwo1UVVoWGpucEtxRUZXd3czeDkva1YyejQ5YzN4SGx5eDFhTHNidFNj
|
||||
SXVVCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBCd2srQVF3RkJWbE8wRkJNWnNCU3Mw
|
||||
cWNDbzN4YmhBL1ZlYURuZjVVT1M0ClBUQm9FVG9mcENSZkNCK1ptcVRVQWUrL2Zq
|
||||
ZERWSFNPWGpXSll1d3BkOTAKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IERKQzZZd2FK
|
||||
VGJvdGlEL2ZvOGRlcXNXOUpybjhCZmJ2NFdmQ1gxWERKRVEKTXpwWmUvZG9UWUNR
|
||||
enRNUXBoa1RKUmpCTzVRWFJtL29MNHl3WWl5b2R1awotPiBzc2gtZWQyNTUxOSB6
|
||||
RzMrMXcgeE1nMm1HdmhQU1ZYZkRBYml1NGdDaHZ4TDB5cXd5WHgxTldxckZaTEJ3
|
||||
MAp4NUlKYWZmZU9GZjVtVWNOQkJmRk1lWXpXY2dZdXFQT2g1VWp0QU56WU5RCi0+
|
||||
IHhRTC1ncmVhc2UKR01SMi8wNnRmNFloUDM4WksyREYyVGJ2ekVrdW9rZkg3MGk4
|
||||
bXJtRgotLS0gaDhiRHR0TVRObUppaDFjZFljYjVTN3lzTzVKVWdyZFRXNkFteEFs
|
||||
UG43NArxMjjfXgYBXhon0SSpyPNqUQXp7jU5s7WKzj1OnjNgFYT4/9FxuUWVmf0A
|
||||
wJjib8jXUERlIahSbcBUyTo3kLLLBegQRIbwjZdYhAFekYUE/Lr6pvQAaDwDf1R0
|
||||
1LaHz9Zy
|
||||
-----END AGE ENCRYPTED FILE-----
|
|
@ -43,6 +43,7 @@ in {
|
|||
"hamish.age".publicKeys = ops ++ systems;
|
||||
"logan.age".publicKeys = ops ++ systems;
|
||||
"xander.age".publicKeys = ops ++ systems;
|
||||
"coturn.age".publicKeys = ops ++ systems;
|
||||
"nextcloud-dbpass.age".publicKeys = ops ++ systems;
|
||||
"nextcloud-adminpass.age".publicKeys = ops ++ systems;
|
||||
"tt-rss-dbpass.age".publicKeys = ops ++ systems;
|
||||
|
|
Loading…
Reference in a new issue