nix-deploy/config/hosts/wind/services/coturn.nix

{
  services.coturn = {
    enable = true;
    lt-cred-mech = true;
    use-auth-secret = true;
    #static-auth-secret = builtins.toString config.secrets.files.synapse_turn_shared_secret.file;
    static-auth-secret = "a_long_string_that_i_will_be_changing";
    realm = "turn.graven.dev";
    relay-ips = [
      "65.21.58.38"
      "2a01:4f9:c010:34cb::1"
    ];
    no-tcp-relay = true;
    extraConfig = "
    cipher-list=\"HIGH\"
    no-loopback-peers
    no-multicast-peers
    ";
    secure-stun = true;
    cert = "/var/lib/acme/turn.graven.dev/fullchain.pem";
    pkey = "/var/lib/acme/turn.graven.dev/key.pem";
    min-port = 49152;
    max-port = 49999;
  };
}
wind 1.0 2021-09-22 10:16:11 +02:00			`{`
			`services.coturn = {`
			`enable = true;`
			`lt-cred-mech = true;`
			`use-auth-secret = true;`
			`#static-auth-secret = builtins.toString config.secrets.files.synapse_turn_shared_secret.file;`
			`static-auth-secret = "a_long_string_that_i_will_be_changing";`
			`realm = "turn.graven.dev";`
			`relay-ips = [`
			`"65.21.58.38"`
			`"2a01:4f9:c010:34cb::1"`
			`];`
			`no-tcp-relay = true;`
			`extraConfig = "`
			`cipher-list=\"HIGH\"`
			`no-loopback-peers`
			`no-multicast-peers`
			`";`
			`secure-stun = true;`
			`cert = "/var/lib/acme/turn.graven.dev/fullchain.pem";`
			`pkey = "/var/lib/acme/turn.graven.dev/key.pem";`
			`min-port = 49152;`
			`max-port = 49999;`
			`};`
			`}`