From 8201cafa28d261e5a1bbec76f4dba2dd3846ba67 Mon Sep 17 00:00:00 2001
From: admin
Date: Tue, 2 Apr 2024 17:55:12 +0200
Subject: [PATCH] fix: acme was blocked by tailscale
---
 coturn.nix | 29 ++++++++++++++++++++--------
 flake.lock | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 flake.nix | 2 +-
 tail.nix | 2 +-
 4 files changed, 78 insertions(+), 10 deletions(-)
diff --git a/coturn.nix b/coturn.nix
index 6354b40..40978ac 100644
--- a/coturn.nix
+++ b/coturn.nix
@@ -56,17 +56,30 @@
 allowedTCPPorts = [ 3478 5349 ];
 };
 };
- # get a certificate
- security.acme.certs.${config.services.coturn.realm} = {
- /* insert here the right configuration to obtain a certificate */
- postRun = "systemctl restart coturn.service";
- group = "turnserver";
+ services.nginx = {
+ enable = true;
+ virtualHosts."turn.sondell.org" = {
+ forceSSL = true;
+ enableACME = true;
+ };
 };
+ # get a certificate
+ users.users.nginx.extraGroups = [
+ "turnserver"
+ ];
+ # security.acme.certs.${config.services.coturn.realm} = {
+ # /* insert here the right configuration to obtain a certificate */
+ # postRun = "systemctl restart coturn.service";
+ # group = "turnserver";
+ # };
 # configure synapse to point users to coturn
 services.matrix-synapse = with config.services.coturn; {
- turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
- turn_shared_secret = static-auth-secret;
- turn_user_lifetime = "1h";
+ settings.turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
+ settings.turn_user_lifetime = "1h";
+ # turn_shared_secret = static-auth-secret;
+ extraConfigFiles = [
+ config.services.coturn.static-auth-secret-file
+ ];
 };
 }
diff --git a/flake.lock b/flake.lock
index 1bb48ae..10091ea 100644
--- a/flake.lock
+++ b/flake.lock
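Review bot: In the coturn.nix hunk, `users.users.nginx.extraGroups = [ "turnserver" ];` grants access in the wrong direction: it lets nginx read whatever group `turnserver` owns (possibly the file behind `static-auth-secret-file`), while coturn still gets no read access to the certificate issued through `enableACME`, which the nginx module assigns to nginx's own group by default. If coturn is meant to use that certificate, `users.users.turnserver.extraGroups = [ "nginx" ];` is the grant that matches the need, and the restart from the now commented-out block should be kept as `security.acme.certs."turn.sondell.org".postRun = "systemctl restart coturn.service";` so a renewed certificate is actually loaded. Separately, Synapse parses `extraConfigFiles` entries as YAML configuration, so the file has to contain a `turn_shared_secret:` key and be readable by the Synapse user; coturn's secret file normally holds only the bare secret, so reusing the same path is unlikely to work as written. The coturn `cert`/`pkey` settings lie outside the hunk, so which certificate path coturn reads should be confirmed.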
@@ -1,5 +1,44 @@
 { "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711535911, + "narHash": "sha256-SzgDrsyBskLyipFzsKwPOKP9FMgGB+6tUQ0VpeGQ/1Y=", + "ref": "refs/heads/main", + "rev": "80221fa4d735fbc232d97d3384c8af0e40a4e331", + "revCount": 9, + "type": "git", + "url": "https://git.sondell.org/glennwso/home.git" + }, + "original": { + "type": "git", + "url": "https://git.sondell.org/glennwso/home.git" + } + }, "nixpkgs": { "locked": { "lastModified": 1709237383,
@@ -18,8 +57,24 @@
 }, "root": { "inputs": { + "home": "home", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root",
diff --git a/flake.nix b/flake.nix
index 83072cc..6e2c5e1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,7 +24,7 @@
 ./filebrowser.nix
 ./tail.nix
 ./matrix.nix
- ./coturn.nix # disabled becouse tls not solved
+ ./coturn.nix
 # (import ./homepage.nix {inherit homepage;})
 ];
diff --git a/tail.nix b/tail.nix
index acdd2bb..8f67616 100644
--- a/tail.nix
+++ b/tail.nix
@@ -1,7 +1,7 @@
 { config, ... }:
 {
 services.tailscale = {
- enable =true;
+ enable =false;
 useRoutingFeatures = "both";
 extraUpFlags = [
 "--advertise-exit-node"
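Review bot: Disabling Tailscale outright (`enable =false;` in the tail.nix hunk) is a broader change than the ACME problem calls for: any admin or service access that relied on the tailnet is either lost or has to move to a public interface, and `useRoutingFeatures` and `extraUpFlags` are left behind as dead configuration. The diff does not show what actually blocked issuance; if it was the exit-node/routing setup or port 80 being unreachable for the HTTP-01 challenge (an inference, the nginx firewall settings are not visible here), keeping Tailscale on and opening 80/443 through `networking.firewall.allowedTCPPorts` would be the narrower fix. If the switch stays off, record the reason next to it, e.g. `enable = false; # off: blocked ACME issuance; re-enable once HTTP-01 works with tailscale up`.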