fix: acme was blocked by tailscale

2024-04-02 17:55:12 +02:00 · 2024-04-02 17:55:12 +02:00 · 8201cafa28
parent 972a83efac
commit 8201cafa28
4 changed files with 78 additions and 10 deletions
--- a/coturn.nix
+++ b/coturn.nix
@ -56,17 +56,30 @@
      allowedTCPPorts = [ 3478 5349 ];
    };
  };
-  # get a certificate
+  services.nginx = {
-  security.acme.certs.${config.services.coturn.realm} = {
+    enable = true;
-    /* insert here the right configuration to obtain a certificate */
+    virtualHosts."turn.sondell.org" = {
-    postRun = "systemctl restart coturn.service";
+      forceSSL = true;
-    group = "turnserver";
+      enableACME = true;
    };
  };
  # get a certificate
  users.users.nginx.extraGroups = [
    "turnserver"
  ];
  # security.acme.certs.${config.services.coturn.realm} = {
  #   /* insert here the right configuration to obtain a certificate */
  #   postRun = "systemctl restart coturn.service";
  #   group = "turnserver";
  # };
  # configure synapse to point users to coturn
  services.matrix-synapse = with config.services.coturn; {
-    turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
+    settings.turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
-    turn_shared_secret = static-auth-secret;
+    settings.turn_user_lifetime = "1h";
-    turn_user_lifetime = "1h";
+    # turn_shared_secret = static-auth-secret;
    extraConfigFiles = [
      config.services.coturn.static-auth-secret-file
    ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,44 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "home": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1711535911,
        "narHash": "sha256-SzgDrsyBskLyipFzsKwPOKP9FMgGB+6tUQ0VpeGQ/1Y=",
        "ref": "refs/heads/main",
        "rev": "80221fa4d735fbc232d97d3384c8af0e40a4e331",
        "revCount": 9,
        "type": "git",
        "url": "https://git.sondell.org/glennwso/home.git"
      },
      "original": {
        "type": "git",
        "url": "https://git.sondell.org/glennwso/home.git"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1709237383,
@ -18,8 +57,24 @@
    },
    "root": {
      "inputs": {
        "home": "home",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -24,7 +24,7 @@
        ./filebrowser.nix
        ./tail.nix
        ./matrix.nix
-        ./coturn.nix  # disabled becouse tls not solved
+        ./coturn.nix  
        # (import ./homepage.nix {inherit homepage;})
      ];
--- a/tail.nix
+++ b/tail.nix
@ -1,7 +1,7 @@
 { config, ... }:
 {
  services.tailscale = {
-    enable =true;
+    enable =false;
    useRoutingFeatures = "both";
    extraUpFlags = [
      "--advertise-exit-node"