Fix TLS certificate handling

This commit is contained in:
Jakob Lechner 2024-11-15 01:20:01 +01:00
parent 98881dcfbc
commit 42929033eb


@ -37,9 +37,6 @@ in
no-tcp-relay = true;
cert = "/run/turnserver/fullchain.pem";
pkey = "/run/turnserver/key.pem";
no-cli = true;
extraConfig = ''
@ -80,9 +77,19 @@ in
systemd.services.coturn = {
after = [ "acme-finished-${fqdn}.target" ];
serviceConfig = {
ExecStartPre = lib.singleton "!${pkgs.writeShellScript "coturn-setup-tls" ''
cp ${config.security.acme.certs."${fqdn}".directory}/{fullchain,key}.pem /run/turnserver/
chgrp turnserver /run/turnserver/{fullchain,key}.pem
Environment = [
"CERT_FILE=%d/fullchain.pem"
"KEY_FILE=%d/key.pem"
];
LoadCredential = [
"fullchain.pem:${config.security.acme.certs."${fqdn}".directory}/fullchain.pem"
"key.pem:${config.security.acme.certs."${fqdn}".directory}/key.pem"
];
ExecStartPre = lib.singleton "${pkgs.writeShellScript "coturn-setup-tls" ''
cat >> /run/coturn/turnserver.cfg << EOF
cert="$CERT_FILE";
pkey="$KEY_FILE";
EOF
''}";
};
};
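Review bot: The `cat >> /run/coturn/turnserver.cfg` in the new ExecStartPre script appends `cert=`/`pkey=` on every unit start, so unless the coturn module regenerates that file earlier in the same start sequence (not visible in this section), each restart accumulates duplicate entries; dropping any previous ones first, `sed -i '/^\(cert\|pkey\)=/d' /run/coturn/turnserver.cfg`, keeps the step idempotent regardless of how the file got there. The heredoc also writes the values as `cert="$CERT_FILE";` — the surrounding double quotes and trailing `;` look like Nix syntax carried into turnserver.cfg, whereas the option lines removed in the first hunk were serialized by the module without them; confirm coturn's config parser tolerates that form or emit `cert=$CERT_FILE` and `pkey=$KEY_FILE` instead. Removing the `!` prefix so the script no longer runs as root, with the key reaching the service only through LoadCredential, is the right least-privilege direction and should be kept.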