{ config, ... }: { services.coturn = { enable = true; lt-cred-mech = true; use-auth-secret = true; static-auth-secret = builtins.toString config.secrets.files.turn_shared_secret.file; realm = "turn.graven.dev"; relay-ips = [ "65.21.58.38" "2a01:4f9:c010:34cb::1" ]; no-tcp-relay = true; extraConfig = " cipher-list=\"HIGH\" no-loopback-peers no-multicast-peers "; secure-stun = true; cert = "/var/lib/acme/graven.dev/fullchain.pem"; pkey = "/var/lib/acme/graven.dev/key.pem"; min-port = 49152; max-port = 49999; }; }