kylekrein/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Not working coturn + ssl fix

Browse source
This commit is contained in:
Aleksandr Lebedev 2025-04-03 18:43:12 +00:00
parent a337a12561
commit e9047f10db
1 changed files with 38 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

89
nixos/hosts/kylekrein-server/default.nix
View file

@ -63,27 +63,19 @@ users = {
enable = true; # Hopefully? helps with freezing when using swap enable = true; # Hopefully? helps with freezing when using swap
}; };
#Chat host #Chat host
networking.firewall.allowedTCPPorts = [ 80 443 22 8448 ]; networking.firewall.allowedTCPPorts = [ 80 443 22 8448
security.acme = { #3478 5349
acceptTerms = true;
defaults.email = "alex.lebedev2003@icloud.com";
certs = {
"kylekrein.com" = {
webroot = "/var/lib/acme/challenges-kylekrein";
email = "alex.lebedev2003@icloud.com";
group = "nginx";
extraDomainNames = [
"matrix.kylekrein.com"
#"chat.kylekrein.com"
]; ];
}; # networking.firewall.allowedUDPPortRanges = with config.services.coturn; [ {
}; # from = min-port;
}; # to = max-port;
users.users.nginx.extraGroups = [ "acme" ]; #} ];
sops.secrets."services/conduwuit" = {neededForUsers = true;}; #networking.firewall.allowedUDPPorts = [ 3478 5349 ];
sops.secrets."services/conduwuit" = {mode = "0755";};
services.conduwuit = { services.conduwuit = {
enable = true; enable = true;
#user = "turnserver";
settings = { settings = {
global = { global = {
server_name = "kylekrein.com"; server_name = "kylekrein.com";
@ -100,45 +92,36 @@ users = {
CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🐝"; CONDUWUIT_NEW_USER_DISPLAYNAME_SUFFIX = "🐝";
CONDUWUIT_REQUIRE_AUTH_FOR_PROFILE_REQUESTS = "true"; CONDUWUIT_REQUIRE_AUTH_FOR_PROFILE_REQUESTS = "true";
CONDUWUIT_ALLOW_LOCAL_PRESENCE = "true"; CONDUWUIT_ALLOW_LOCAL_PRESENCE = "true";
CONDUWUIT_WELL_KNOWN__SERVER = "matrix.kylekrein.com:443";
CONDUWUIT_WELL_KNOWN__CLIENT = "https://matrix.kylekrein.com";
#CONDUWUIT_TURN_URIS = "turn:turn.kylekrein.com:3478?transport=udp";
#CONDUWUIT_TURN_SECRET = "true";
#CONDUWUIT_TURN_SECRET_FILE = "\"${config.sops.secrets."services/conduwuit".path}\"";
}; };
}; };
services.coturn = rec {
services.nginx.enable = true; enable = false;
services.nginx = { no-cli = true;
# Use recommended settings no-tcp-relay = true;
recommendedGzipSettings = true; min-port = 49000;
recommendedOptimisation = true; max-port = 50000;
recommendedProxySettings = true; use-auth-secret = true;
recommendedTlsSettings = true; static-auth-secret-file = config.sops.secrets."services/conduwuit".path;
clientMaxBodySize = "20000000"; realm = "turn.kylekrein.com";
#cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
#pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
}; };
services.nginx.virtualHosts = let services.caddy = {
SSL = { enable = true;
#enableACME = true; virtualHosts."kylekrein.com:8448".extraConfig = ''
forceSSL = true; reverse_proxy http://localhost:6167
useACMEHost = "kylekrein.com"; '';
acmeRoot = "/var/lib/acme/challenges-kylekrein"; virtualHosts."matrix.kylekrein.com, matrix.kylekrein.com:8448".extraConfig = ''
}; in { reverse_proxy http://localhost:6167
"kylekrein.com" = (SSL // { '';
listen = [{port = 443; addr="0.0.0.0"; ssl=true;} {port = 8448; addr="0.0.0.0"; ssl=true;}]; #virtualHosts."turn.kylekrein.com:3478".extraConfig = ''
locations."/" = { #reverse_proxy http://localhost:3478
proxyPass = "http://localhost:6167"; #'';
proxyWebsockets = true;
};
});
#"chat.kylekrein.com" = (SSL // {
# locations."/" = {
# proxyPass = "http://localhost:8080/";
# proxyWebsockets = true;
# };
#});
"matrix.kylekrein.com" = (SSL // {
listen = [{port = 443; addr="0.0.0.0"; ssl=true;} {port = 8448; addr="0.0.0.0"; ssl=true;}];
locations."/" = {
proxyPass = "http://localhost:6167";
proxyWebsockets = true;
};
});
}; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";
nix = { nix = {