diff --git a/hosts/VEGAS/services/matrix/coturn.nix b/hosts/VEGAS/services/matrix/coturn.nix
index 920446f..321dcda 100644
--- a/hosts/VEGAS/services/matrix/coturn.nix
+++ b/hosts/VEGAS/services/matrix/coturn.nix
@@ -1,8 +1,5 @@
 { config, tools, ... }:
 {
- imports = [
- ../../../../modules/backports/coturn-static-auth-secret-file.nix
- ];
 age.secrets = {
 coturn-static-auth = {
 file = ../../../../secrets/coturn-static-auth.age;
diff --git a/modules/backports/coturn-static-auth-secret-file.nix b/modules/backports/coturn-static-auth-secret-file.nix
deleted file mode 100644
index 89d1eb1..0000000
--- a/modules/backports/coturn-static-auth-secret-file.nix
+++ /dev/null
@@ -1,76 +0,0 @@
-# based on https://github.com/NixOS/nixpkgs/pull/129059
-# FIXME: this module does not verify duplicate settings
-{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.services.coturn;
- pidfile = "/run/turnserver/turnserver.pid";
- # unfortunately, we need to re-render the entire config file ourselves
- configFile = pkgs.writeText "turnserver.conf" ''
-listening-port=${toString cfg.listening-port}
-tls-listening-port=${toString cfg.tls-listening-port}
-alt-listening-port=${toString cfg.alt-listening-port}
-alt-tls-listening-port=${toString cfg.alt-tls-listening-port}
-${concatStringsSep "\n" (map (x: "listening-ip=${x}") cfg.listening-ips)}
-${concatStringsSep "\n" (map (x: "relay-ip=${x}") cfg.relay-ips)}
-min-port=${toString cfg.min-port}
-max-port=${toString cfg.max-port}
-${lib.optionalString cfg.lt-cred-mech "lt-cred-mech"}
-${lib.optionalString cfg.no-auth "no-auth"}
-${lib.optionalString cfg.use-auth-secret "use-auth-secret"}
-${lib.optionalString (cfg.static-auth-secret != null) ("static-auth-secret=${cfg.static-auth-secret}")}
-realm=${cfg.realm}
-${lib.optionalString cfg.no-udp "no-udp"}
-${lib.optionalString cfg.no-tcp "no-tcp"}
-${lib.optionalString cfg.no-tls "no-tls"}
-${lib.optionalString cfg.no-dtls "no-dtls"}
-${lib.optionalString cfg.no-udp-relay "no-udp-relay"}
-${lib.optionalString cfg.no-tcp-relay "no-tcp-relay"}
-${lib.optionalString (cfg.cert != null) "cert=${cfg.cert}"}
-${lib.optionalString (cfg.pkey != null) "pkey=${cfg.pkey}"}
-${lib.optionalString (cfg.dh-file != null) ("dh-file=${cfg.dh-file}")}
-no-stdout-log
-syslog
-pidfile=${pidfile}
-${lib.optionalString cfg.secure-stun "secure-stun"}
-${lib.optionalString cfg.no-cli "no-cli"}
-cli-ip=${cfg.cli-ip}
-cli-port=${toString cfg.cli-port}
-${lib.optionalString (cfg.cli-password != null) ("cli-password=${cfg.cli-password}")}
-${cfg.extraConfig}
-'';
-in
-{
- options = {
- services.coturn = {
- static-auth-secret-file = mkOption {
- type = types.nullOr types.str;
- default = null;
- description = ''
- Path to the file containing the static authentication secret.
- '';
- };
- };
- };
- config = mkIf cfg.enable {
- systemd.services.coturn = let
- runConfig = "/run/coturn/turnserver.cfg";
- in {
- preStart = ''
- cat ${configFile} > ${runConfig}
- ${optionalString (cfg.static-auth-secret-file != null) ''
- STATIC_AUTH_SECRET="$(head -n1 ${cfg.static-auth-secret-file} || :)"
- echo "static-auth-secret=$STATIC_AUTH_SECRET" >> ${runConfig}
- '' }
- chmod 640 ${runConfig}
- '';
-
- serviceConfig = {
- ExecStart = mkForce "${pkgs.coturn}/bin/turnserver -c ${runConfig}";
- };
- };
- systemd.tmpfiles.rules = [
- "d /run/coturn 0700 turnserver turnserver - -"
- ];
- };
-}