Major refactor of fortress config

2025-08-03 18:10:24 -05:00 · 2025-08-03 18:10:24 -05:00 · 72d51d403a
commit 72d51d403a
parent 74929a0aa6
5 changed files with 239 additions and 226 deletions
--- a/systems/fortress/coturn.nix
+++ b/systems/fortress/coturn.nix
@ -0,0 +1,37 @@
+{ config, ... }: {
+  sops.secrets = {
+    "dotspace/coturn/cert.pem" = {
+      owner = config.systemd.services.coturn.serviceConfig.User;
+    };
+    "dotspace/coturn/pkey.pem" = {
+      owner = config.systemd.services.coturn.serviceConfig.User;
+    };
+    "dotspace/coturn/static_auth_secret" = {
+      owner = config.systemd.services.coturn.serviceConfig.User;
+    };
+  };
+
+  # https://gist.github.com/maxidorius/2b0acc2e707ae9a2d6d0267026a1024f
+  services.coturn = {
+    enable = true;
+
+    # syslog
+    # verbose
+
+    lt-cred-mech = true;
+    use-auth-secret = true;
+
+    static-auth-secret-file = "/run/secrets/dotspace/coturn/static_auth_secret";
+    realm = "turn.mlaga97.space";
+
+    cert = "/run/secrets/dotspace/coturn/cert.pem";
+    pkey = "/run/secrets/dotspace/coturn/pkey.pem";
+
+    no-udp = true;
+
+    listening-ips = [
+      "68.183.54.8"
+      "10.86.84.1"
+    ];
+  };
+}