From e64f7a78e01e5fa661471cb518cc71fc33223b5a Mon Sep 17 00:00:00 2001
From: polwex
Date: Sun, 21 Jul 2024 01:49:04 +0700
Subject: m
---
hosts/cloud/oldsortug/coturn.nix | 60 ----------------------------------------
1 file changed, 60 deletions(-)
delete mode 100644 hosts/cloud/oldsortug/coturn.nix
(limited to 'hosts/cloud/oldsortug/coturn.nix')
diff --git a/hosts/cloud/oldsortug/coturn.nix b/hosts/cloud/oldsortug/coturn.nix
deleted file mode 100644
index aaf097c..0000000
--- a/hosts/cloud/oldsortug/coturn.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ ... }:
-
-{
- services.coturn = {
- enable = true;
- lt-cred-mech = true;
- # use-auth-secret = true;
- # static-auth-secret = "GHhc4i7Hwto0KxoDgNioYgWgkc1iLbEE8t45G6voTzD07vKvFsK6R4b8kShVZEhC";
- realm = "turn.sortug.com";
- # relay-ips = [
- # ""
- # ];
- # no-tcp-relay = true;
- extraConfig = "
- cipher-list=\"HIGH\"
- no-loopback-peers
- no-multicast-peers
- ";
- # secure-stun = true;
- cert = "/var/lib/acme/turn.sortug.com/fullchain.pem";
- pkey = "/var/lib/acme/turn.sortug.com/key.pem";
- min-port = 49152;
- max-port = 49999;
- };
-
- # Open ports in the firewall.
- networking.firewall = {
- enable = true;
- allowPing = false;
- allowedTCPPorts = [
- 5349 # STUN tls
- 5350 # STUN tls alt
- 80 # http
- 443 # https
- ];
- allowedUDPPortRanges = [
- { from=49152; to=49999; } # TURN relay
- ];
- };
-
- # setup certs
- services.nginx = {
- enable = true;
- virtualHosts = {
- "turn.sortug.com" = {
- forceSSL = true;
- enableACME = true;
- };
- };
- };
- users.groups.turnserver.members = ["nginx" "coturn"];
-
- # share certs with coturn and restart on renewal
- security.acme.certs = {
- "turn.sortug.com" = {
- postRun = "systemctl reload nginx.service; systemctl restart coturn.service";
- };
- };
-}
-
-- cgit v1.2.3