author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-26 16:15:54 +0100 |
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-26 16:15:54 +0100 |
commit | 05809c0a2ef4dc4f94d59163cbbd52fd1de7a7a1 (patch) | |
tree | 6e50c519aba901546e041f6d605f5fd99aa98c35 | |
parent | d8d4c7c9f19002c7ce98e2d216125f687bfc3772 (diff) | |
surtr: matrix: zerossl-cert for coturn
-rw-r--r-- | hosts/surtr/dns/zones/li.synapse.soa | 5 | ||||
-rw-r--r-- | hosts/surtr/matrix/default.nix | 3 | ||||
-rw-r--r-- | overlays/lego.nix | 9 |
3 files changed, 15 insertions, 2 deletions
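--- a/hosts/surtr/dns/zones/li.synapse.soa
+++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -1,7 +1,7 @@
 $ORIGIN synapse.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-2022022503 ; serial
+2022022600 ; serial
 10800 ; refresh
 3600 ; retry
 604800 ; expire
@@ -27,6 +27,9 @@ element IN CNAME synapse.li.
 _acme-challenge.element IN NS ns.yggdrasil.li.
 
 turn IN CNAME synapse.li.
+turn IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01"
+turn IN CAA 128 issue "sectigo.com; validationmethods=dns-01"
+turn IN CAA 128 iodef "mailto:caa@yggdrasil.li"
 _acme-challenge.turn IN NS ns.yggdrasil.li.
 
 _stun._udp IN SRV 5 0 3478 turn.synapse.li.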
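Review bot: The three CAA records added at `turn` (new lines 30–32) share their owner name with the existing `turn IN CNAME synapse.li.` directly above them, and RFC 1034 §3.6.2 / RFC 2181 §10.1 forbid any other data at a CNAME owner — BIND, for one, rejects a zone with "CNAME and other data", and other authoritative servers will at best drop the CAA set. CAA lookup (RFC 8659 §3) follows the CNAME anyway, so the policy that actually governs `turn.synapse.li` is whatever CAA set lives at `synapse.li.` or its parents, which this hunk does not show. Either replace the CNAME with A/AAAA records at `turn` so this CAA set is valid and authoritative, or drop these three lines and add `sectigo.com` to the CAA set at the CNAME target; the serial bump in the first hunk is needed in both cases.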
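--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -31,7 +31,7 @@
 tls_private_key_path = "/run/credentials/matrix-synapse.service/synapse.li.key.pem";
 tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path;
 
-turn_uris = ["turn:turn.synapse.li?transport=udp" "turn:turn.synapse.li?transport=tcp"];
+turn_uris = ["turns:turn.synapse.li?transport=udp" "turns:turn.synapse.li?transport=tcp"];
 turn_user_lifetime = "1h";
 
 extraConfigFiles = [
@@ -155,6 +155,7 @@
 "turn.synapse.li" = {
 zone = "synapse.li";
 certCfg = {
+server = "https://acme.zerossl.com/v2/DV90";
 postRun = ''
 ${pkgs.systemd}/bin/systemctl try-restart coturn.service
 '';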
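Review bot: The new `turn_uris` (line 34) drop every plain `turn:` entry, and the remaining `turns:turn.synapse.li?transport=udp` is TURN over DTLS, which as far as I know browser WebRTC stacks do not implement (Chromium treats any `turns:` URI as TLS over TCP), so relayed calls from Element Web would be left with the TCP/TLS path only and no UDP relay at all. Plain TURN over UDP does not weaken anything worth protecting here — media is SRTP and the TURN credentials are the HMAC-based short-term ones Synapse mints — so keep it: `turn_uris = ["turn:turn.synapse.li?transport=udp" "turns:turn.synapse.li?transport=tcp"];`, with the UDP entry first so ICE prefers it. The ZeroSSL endpoint added at line 158 also requires External Account Binding credentials that this hunk does not supply; presumably the `certCfg` wrapper, which is defined outside the hunk, injects them from a credentials file rather than the Nix store. Both attribute sets continue outside the hunk.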
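--- /dev/null
+++ b/overlays/lego.nix
@@ -0,0 +1,9 @@
+prev: final: let
+zerossl = prev.fetchpatch {
+url = "https://patch-diff.githubusercontent.com/raw/go-acme/lego/pull/1501.patch";
+};
+in {
+lego = prev.lego.overrideDerivation (oldAttrs: {
+patches = oldAttrs.patches ++ [zerossl];
+});
+}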
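Review bot: `prev.fetchpatch { url = …/pull/1501.patch; }` (lines 2–4) carries no `sha256`/`hash`, and a pull-request `.patch` URL follows the PR head as it is force-pushed, so the build applies whatever that URL serves on the day — unverified third-party code compiled into the ACME client that generates and holds your certificate keys — and is not reproducible. Pin it to a commit and a hash: `url = "https://github.com/go-acme/lego/commit/<sha>.patch";` plus `sha256 = "<hash nix reports on the first build>";`, or move to the lego release that contains the change if it has been merged. Separately, the overlay is declared as `prev: final:` while `nixpkgs.overlays` passes `final: prev:`; if it is loaded that way, `prev.lego` on line 6 is really the final set's `lego`, i.e. the attribute being defined, and evaluation ends in infinite recursion — the names should be swapped to `final: prev:`.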