mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 04:38:44 +08:00
enable coturn for vps6
This commit is contained in:
parent
67f6ec0d7c
commit
0a40f47aab
@ -251,6 +251,7 @@
|
||||
};
|
||||
};
|
||||
misskey-proxy = { "xn--qbtm095lrg0bfka60z.chn.moe" = {}; "xn--s8w913fdga.chn.moe" = {}; };
|
||||
coturn.enable = true;
|
||||
};
|
||||
boot =
|
||||
{
|
||||
|
37
modules/services/coturn.nix
Normal file
37
modules/services/coturn.nix
Normal file
@ -0,0 +1,37 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.coturn = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
port = mkOption { type = types.ints.unsigned; default = 5349; };
|
||||
hostname = mkOption { type = types.str; default = "coturn.chn.moe"; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) coturn;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (inputs.lib) mkIf mkMerge;
|
||||
inherit (builtins) map listToAttrs toString replaceStrings;
|
||||
in mkIf coturn.enable
|
||||
{
|
||||
services.coturn =
|
||||
let
|
||||
keydir = inputs.config.security.acme.certs.${coturn.hostname}.directory;
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret-file = inputs.config.sops.secrets."coturn/auth-secret".path;
|
||||
realm = coturn.hostname;
|
||||
cert = "${keydir}/full.pem";
|
||||
pkey = "${keydir}/key.pem";
|
||||
tls-listening-port = coturn.port;
|
||||
no-tcp = true;
|
||||
no-udp = true;
|
||||
no-cli = true;
|
||||
};
|
||||
sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
|
||||
nixos.services.acme = { enable = true; certs = [ coturn.hostname ]; };
|
||||
security.acme.certs.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
|
||||
};
|
||||
}
|
@ -9,6 +9,7 @@ inputs:
|
||||
./nginx.nix
|
||||
./meilisearch.nix
|
||||
./xray.nix
|
||||
./coturn.nix
|
||||
# ./docker.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
|
@ -56,6 +56,8 @@ nginx:
|
||||
maxmind-license: ENC[AES256_GCM,data:sESU6uK9EYLido9/0sXO2Zw1SjuKmxPh4r3giJcaG7068gn1kByjsA==,iv:htnFgnLrH35zSvmlRAdoRDLFIpKroKO5dW9TNK9soUc=,tag:6pJuc54SrKP5n0kJJ7fGyA==,type:str]
|
||||
send:
|
||||
redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str]
|
||||
coturn:
|
||||
auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -80,8 +82,8 @@ sops:
|
||||
ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
|
||||
ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-26T09:44:39Z"
|
||||
mac: ENC[AES256_GCM,data:FzYn6rdp2hwqlnVrd/DbBlDnDCP9EJ6xWGX86Jp0NySfyVHTMQzmRgPR31S6+pBMIeH6Ca1PuoYQg8XKqI7JW1h/BLdDPOcf3k/ak1XF7BFuxAdNeB8cf2FoTyWw8Iwnu1RcNss9LoEMNVejQJfyfrQvBRDrjGpiYRYt2ondqhs=,iv:KCoraNT7SI3SAcPZakKe9XLyo9orNT6O+UYHahPYC78=,tag:J2ctEgAX2K9edEeyDNDWgQ==,type:str]
|
||||
lastmodified: "2023-08-29T12:27:39Z"
|
||||
mac: ENC[AES256_GCM,data:NnJiE2k2Oyt0QScaI8yAyA7qOMw7M8T8GOurpDx3Phy31Pa0GvXO23cf5ynp2IZooKoob/hPiP5E5ltnfbCdGhUCBgtSDOM6B6OGRWWCK1kz3G1yPn3DzCjrqUAjdHdEd94FTNCaBQUl0zw2U9mX6y8aoKNaYPcRM7pXn8GGRwU=,iv:B4tKjNqouaeEzHJplTwTOqqKITEAFQPlJxiiGeVt1qs=,tag:8BsB+ipGPXz8O19I0/e2iQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
@ -21,6 +21,8 @@ rsshub:
|
||||
youtube-refresh-token: ENC[AES256_GCM,data:pnXQ1euCdix2H7IxudmUUcpxc2OUhciKT8OcGV89c/EpoXHgx1+eLxwY5rRszroWwjge9M001RGHngvD/ny3phfWAwYmIzMJxun2f7JCPe7ybMesWmPSkiqVBss1Zfic1uB8mNM/yw==,iv:8p8/vATY8F3YuGA1TtjekiuaKOMnQyTMjrwDBJaK4VU=,tag:/jVg9FDOuLMNrupgrywpBQ==,type:str]
|
||||
mail:
|
||||
bot-encoded: ENC[AES256_GCM,data:HstqDfhKoLqDip9O+mwYGbNlNQ==,iv:CZSTfxJHhI6nG7501cQdJiZ9l3uKS7d5YsA8iVTUuoE=,tag:Rj3rvXJzDp8XzODV/gABog==,type:str]
|
||||
synapse:
|
||||
coturn: ENC[AES256_GCM,data:d0slDodWSVCMMgYXeLYcESuS3q2OkRI0fGTPAn1Ho+WLc/g8IHwSDtLt6W8j9UiBn1TpLVHnI71M6SZLwZK2XQ==,iv:nF89F/ezZFgCrS1WLLTgdV6pksSSgntJUdJ8Q2hVME4=,tag:Z0bJFFRdZCinrFDH9gyGwg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -45,8 +47,8 @@ sops:
|
||||
SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
|
||||
HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-08-26T15:54:26Z"
|
||||
mac: ENC[AES256_GCM,data:QHmTQmM9DkDTcbOpAnyv1uJWboy8S07shVMw7N9WAj4GfqQPGFynMuNdZIsm2TPRHSnQeWQz/BXGOVeA7tZvImMMsMlzIZM4q6Akoef82yv81XK7gCII/c2YLZ3MT7QEOZpITEYeroSyMhvpGl0353guB7A5RCfYthW9rjE3DZs=,iv:v3DiTGXEFgloYnqqyXF9ufQPGtNFj2SP5VvOzUiByfI=,tag:VQTul7ngAO7+WzHH7C4cKg==,type:str]
|
||||
lastmodified: "2023-08-29T12:27:54Z"
|
||||
mac: ENC[AES256_GCM,data:pbZqUybl1YVjUs/KPXN6Vt0kz9L3LBLxYHhTlHj5xXw4Ctjmo50kzN1bgNfCqRduNK9YtaO4SNK9AVPPQxE7KtXr7IbyCrFgDvLKGh8OzrEVAKKfiGmvJCaDxU0su6W3xc9CTsNj/xOM2KRfyBA9G3KfqLm3RN6FDLL3d4uukVs=,iv:uMb58lXVTNkn40IgrOhjxU2Xn68BzF58OfND1SyI0Y0=,tag:Wg2TWtNtoZ1Fi0ektIMtJA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
Loading…
Reference in New Issue
Block a user