fix: acme was blocked by tailscale

2024-04-02 17:55:12 +02:00 · 2024-04-02 17:55:12 +02:00 · 8201cafa28
commit 8201cafa28
parent 972a83efac
4 changed files with 78 additions and 10 deletions
--- a/coturn.nix
+++ b/coturn.nix
@ -56,17 +56,30 @@
      allowedTCPPorts = [ 3478 5349 ];
    };
  };
-  # get a certificate
-  security.acme.certs.${config.services.coturn.realm} = {
-    /* insert here the right configuration to obtain a certificate */
-    postRun = "systemctl restart coturn.service";
-    group = "turnserver";
+  services.nginx = {
+    enable = true;
+    virtualHosts."turn.sondell.org" = {
+      forceSSL = true;
+      enableACME = true;
+    };
  };
+  # get a certificate
+  users.users.nginx.extraGroups = [
+    "turnserver"
+  ];
+  # security.acme.certs.${config.services.coturn.realm} = {
+  #   /* insert here the right configuration to obtain a certificate */
+  #   postRun = "systemctl restart coturn.service";
+  #   group = "turnserver";
+  # };
  # configure synapse to point users to coturn
  services.matrix-synapse = with config.services.coturn; {
-    turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
-    turn_shared_secret = static-auth-secret;
-    turn_user_lifetime = "1h";
+    settings.turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
+    settings.turn_user_lifetime = "1h";
+    # turn_shared_secret = static-auth-secret;
+    extraConfigFiles = [
+      config.services.coturn.static-auth-secret-file
+    ];
  };
 }