add anarkafem.dev, minor tweaks

2021-09-23 16:45:06 +02:00 · 2021-09-23 16:45:06 +02:00 · 0969b36564
commit 0969b36564
parent 3ed18d33fc
18 changed files with 374 additions and 15 deletions
--- a/config/hosts/grondahl/services/coturn.nix
+++ b/config/hosts/grondahl/services/coturn.nix
@ -0,0 +1,25 @@
+{ config, ... }:
+{
+  services.coturn = {
+    enable = true;
+    lt-cred-mech = true;
+    use-auth-secret = true;
+    static-auth-secret = builtins.toString config.secrets.files.turn_shared_secret.file;
+    realm = "turn.anarkafem.dev";
+    relay-ips = [
+      "107.189.30.157"
+      "2605:6400:30:ef32::1"
+    ];
+    no-tcp-relay = true;
+    extraConfig = "
+    cipher-list=\"HIGH\"
+    no-loopback-peers
+    no-multicast-peers
+    ";
+    secure-stun = true;
+    cert = "/var/lib/acme/anarkafem.dev/fullchain.pem";
+    pkey = "/var/lib/acme/anarkafem.dev/key.pem";
+    min-port = 49152;
+    max-port = 49999;
+  };
+}