motiejus/config
1
Fork 0
Code Packages Releases Activity

coturn: add tls key and cert

Browse Source
This commit is contained in:
Motiejus Jakštys 2023-03-01 13:00:27 +02:00
parent 2e970a22ce
commit f537b43a0d
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
configuration.nix
View File

@ -344,6 +344,8 @@ in {
coturn = { coturn = {
enable = true; enable = true;
static-auth-secret-file = "\${CREDENTIALS_DIRECTORY}/static-auth-secret"; static-auth-secret-file = "\${CREDENTIALS_DIRECTORY}/static-auth-secret";
cert = "/run/coturn/tls-cert.pem";
pkey = "/run/coturn/tls-key.pem";
}; };
postfix = { postfix = {
@ -432,16 +434,20 @@ in {
}; };
coturn = let coturn = let
cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt/"; cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt";
in { in {
preStart = ''
ln -sf ''${CREDENTIALS_DIRECTORY}/tls-key.pem /run/coturn/tls-key.pem
ln -sf ''${CREDENTIALS_DIRECTORY}/tls-cert.pem /run/coturn/tls-cert.pem
'';
unitConfig.ConditionPathExists = [ unitConfig.ConditionPathExists = [
"${cert_dir}/turn.jakstys.lt.key" "${cert_dir}/turn.jakstys.lt.key"
"${cert_dir}/turn.jakstys.lt.crt" "${cert_dir}/turn.jakstys.lt.crt"
]; ];
serviceConfig.LoadCredential = [ serviceConfig.LoadCredential = [
"static-auth-secret:/var/src/secrets/turn/static-auth-secret" "static-auth-secret:/var/src/secrets/turn/static-auth-secret"
"tls-key:${cert_dir}/turn.jakstys.lt.key" "tls-key.pem:${cert_dir}/turn.jakstys.lt.key"
"tls-cert:${cert_dir}/turn.jakstys.lt.crt" "tls-cert.pem:${cert_dir}/turn.jakstys.lt.crt"
]; ];
}; };