27 lines
614 B
Nix
27 lines
614 B
Nix
{ config, ... }:
|
|
{
|
|
services.coturn = {
|
|
enable = true;
|
|
lt-cred-mech = true;
|
|
use-auth-secret = true;
|
|
static-auth-secret = builtins.toString config.secrets.files.synapse_turn_shared_secret.file;
|
|
realm = "turn.graven.dev";
|
|
relay-ips = [
|
|
"65.21.58.38"
|
|
"2a01:4f9:c010:34cb::1"
|
|
];
|
|
no-tcp-relay = true;
|
|
extraConfig = "
|
|
cipher-list=\"HIGH\"
|
|
no-loopback-peers
|
|
no-multicast-peers
|
|
";
|
|
secure-stun = true;
|
|
cert = "/var/lib/acme/graven.dev/fullchain.pem";
|
|
pkey = "/var/lib/acme/graven.dev/key.pem";
|
|
min-port = 49152;
|
|
max-port = 49999;
|
|
};
|
|
}
|
|
|