feat: add coturn to matrix

2026-03-03 09:51:47 +01:00 · 2026-03-03 09:51:47 +01:00 · 709af80e73
commit 709af80e73
parent 8451acdd8f
6 changed files with 174 additions and 98 deletions
--- a/hosts/fw/modules/coturn.nix
+++ b/hosts/fw/modules/coturn.nix
@ -0,0 +1,32 @@
+{ config, ... }:
+let
+  domain = "turn.cloonar.com";
+in
+{
+  security.acme.certs."${domain}" = {
+    group = "turnserver";
+    postRun = "systemctl try-restart coturn.service";
+  };
+
+  sops.secrets.coturn-static-secret = {
+    owner = "turnserver";
+  };
+
+  services.coturn = {
+    enable = true;
+    realm = domain;
+    use-auth-secret = true;
+    static-auth-secret-file = config.sops.secrets.coturn-static-secret.path;
+    cert = "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
+    pkey = "${config.security.acme.certs.${domain}.directory}/key.pem";
+    min-port = 49152;
+    max-port = 49999;
+    no-tcp-relay = true;
+    no-cli = true;
+  };
+
+  systemd.services.coturn = {
+    after = [ "acme-${domain}.service" ];
+    wants = [ "acme-${domain}.service" ];
+  };
+}