Emelie Graven
90eb0c3708
The entire file structure has been reorganised into stable and unstable to separate deployments running on either channel. A `mail` host running Simple Nix Mailserver has also been added for testing to see if it's a good alternative to soverin as well as SMTP for other services.
26 lines
616 B
Nix
26 lines
616 B
Nix
{ config, ... }:
|
|
{
|
|
services.coturn = {
|
|
enable = true;
|
|
lt-cred-mech = true;
|
|
use-auth-secret = true;
|
|
static-auth-secret = builtins.toString config.secrets.files.turn_shared_secret.file;
|
|
realm = "turn.anarkafem.dev";
|
|
relay-ips = [
|
|
"107.189.30.157"
|
|
"2605:6400:30:ef32::1"
|
|
];
|
|
no-tcp-relay = true;
|
|
extraConfig = "
|
|
cipher-list=\"HIGH\"
|
|
no-loopback-peers
|
|
no-multicast-peers
|
|
";
|
|
secure-stun = true;
|
|
cert = "/var/lib/acme/anarkafem.dev/fullchain.pem";
|
|
pkey = "/var/lib/acme/anarkafem.dev/key.pem";
|
|
min-port = 49152;
|
|
max-port = 49999;
|
|
};
|
|
}
|