authorGregor Kleen <gkleen@yggdrasil.li>2024-08-08 10:45:09 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-08-08 10:45:09 +0200
commit63adb41f1a060c21a68143eb9e86c2790ef66f36 (patch)
tree3902b85e7659fd396ded1d2e42ea318153d08a13 /modules/coturn.nix
parent73b08cbd76d4471c9a6fddd05265d7d7fc4c45ff (diff)
...
Diffstat (limited to 'modules/coturn.nix')
-rw-r--r--modules/coturn.nix60
1 files changed, 30 insertions, 30 deletions
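diff --git a/modules/coturn.nix b/modules/coturn.nix
index faa4b5a2..d73d1bba 100644
--- a/modules/coturn.nix
+++ b/modules/coturn.nix
@@ -42,11 +42,11 @@ in {
 
 options = {
 services.coturn = {
-enable = mkEnableOption (lib.mdDoc "coturn TURN server");
+enable = mkEnableOption "coturn TURN server";
 listening-port = mkOption {
 type = types.int;
 default = 3478;
-description = lib.mdDoc ''
+description = ''
 TURN listener port for UDP and TCP.
 Note: actually, TLS and DTLS sessions can connect to the
 "plain" TCP and UDP port(s), too - if allowed by configuration.
@@ -55,7 +55,7 @@ in {
 tls-listening-port = mkOption {
 type = types.int;
 default = 5349;
-description = lib.mdDoc ''
+description = ''
 TURN listener port for TLS.
 Note: actually, "plain" TCP and UDP sessions can connect to the TLS and
 DTLS port(s), too - if allowed by configuration. The TURN server
@@ -71,7 +71,7 @@ in {
 type = types.int;
 default = cfg.listening-port + 1;
 defaultText = literalExpression "listening-port + 1";
-description = lib.mdDoc ''
+description = ''
 Alternative listening port for UDP and TCP listeners;
 default (or zero) value means "listening port plus one".
 This is needed for RFC 5780 support
@@ -86,7 +86,7 @@ in {
 type = types.int;
 default = cfg.tls-listening-port + 1;
 defaultText = literalExpression "tls-listening-port + 1";
-description = lib.mdDoc ''
+description = ''
 Alternative listening port for TLS and DTLS protocols.
 '';
 };
@@ -94,7 +94,7 @@ in {
 type = types.listOf types.str;
 default = [];
 example = [ "203.0.113.42" "2001:DB8::42" ];
-description = lib.mdDoc ''
+description = ''
 Listener IP addresses of relay server.
 If no IP(s) specified in the config file or in the command line options,
 then all IPv4 and IPv6 system IPs will be used for listening.
@@ -104,7 +104,7 @@ in {
 type = types.listOf types.str;
 default = [];
 example = [ "203.0.113.42" "2001:DB8::42" ];
-description = lib.mdDoc ''
+description = ''
 Relay address (the local IP address that will be used to relay the
 packets to the peer).
 Multiple relay addresses may be used.
@@ -120,28 +120,28 @@ in {
 min-port = mkOption {
 type = types.int;
 default = 49152;
-description = lib.mdDoc ''
+description = ''
 Lower bound of UDP relay endpoints
 '';
 };
 max-port = mkOption {
 type = types.int;
 default = 65535;
-description = lib.mdDoc ''
+description = ''
 Upper bound of UDP relay endpoints
 '';
 };
 lt-cred-mech = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc ''
+description = ''
 Use long-term credential mechanism.
 '';
 };
 no-auth = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc ''
+description = ''
 This option is opposite to lt-cred-mech.
 (TURN Server with no-auth option allows anonymous access).
 If neither option is defined, and no users are defined,
@@ -153,7 +153,7 @@ in {
 use-auth-secret = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc ''
+description = ''
 TURN REST API flag.
 Flag that sets a special authorization option that is based upon authentication secret.
 This feature can be used with the long-term authentication mechanism, only.
@@ -177,7 +177,7 @@ in {
 static-auth-secret = mkOption {
 type = types.nullOr types.str;
 default = null;
-description = lib.mdDoc ''
+description = ''
 'Static' authentication secret value (a string) for TURN REST API only.
 If not set, then the turn server
 will try to use the 'dynamic' value in turn_secret table
@@ -188,7 +188,7 @@ in {
 static-auth-secret-file = mkOption {
 type = types.nullOr types.str;
 default = null;
-description = lib.mdDoc ''
+description = ''
 Path to the file containing the static authentication secret.
 '';
 };
@@ -197,7 +197,7 @@ in {
 default = config.networking.hostName;
 defaultText = literalExpression "config.networking.hostName";
 example = "example.com";
-description = lib.mdDoc ''
+description = ''
 The default realm to be used for the users when no explicit
 origin/realm relationship was found in the database, or if the TURN
 server is not using any database (just the commands-line settings
@@ -209,7 +209,7 @@ in {
 type = types.nullOr types.str;
 default = null;
 example = "/var/lib/acme/example.com/fullchain.pem";
-description = lib.mdDoc ''
+description = ''
 Certificate file in PEM format.
 '';
 };
@@ -217,21 +217,21 @@ in {
 type = types.nullOr types.str;
 default = null;
 example = "/var/lib/acme/example.com/key.pem";
-description = lib.mdDoc ''
+description = ''
 Private key file in PEM format.
 '';
 };
 dh-file = mkOption {
 type = types.nullOr types.str;
 default = null;
-description = lib.mdDoc ''
+description = ''
 Use custom DH TLS key, stored in PEM format in the file.
 '';
 };
 secure-stun = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc ''
+description = ''
 Require authentication of the STUN Binding request.
 By default, the clients are allowed anonymous access to the STUN Binding functionality.
 '';
@@ -239,28 +239,28 @@ in {
 no-cli = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc ''
+description = ''
 Turn OFF the CLI support.
 '';
 };
 cli-ip = mkOption {
 type = types.str;
 default = "127.0.0.1";
-description = lib.mdDoc ''
+description = ''
 Local system IP address to be used for CLI server endpoint.
 '';
 };
 cli-port = mkOption {
 type = types.int;
 default = 5766;
-description = lib.mdDoc ''
+description = ''
 CLI server port.
 '';
 };
 cli-password = mkOption {
 type = types.nullOr types.str;
 default = null;
-description = lib.mdDoc ''
+description = ''
 CLI access password.
 For the security reasons, it is recommended to use the encrypted
 for of the password (see the -P command in the turnadmin utility).
@@ -269,37 +269,37 @@ in {
 no-udp = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc "Disable UDP client listener";
+description = "Disable UDP client listener";
 };
 no-tcp = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc "Disable TCP client listener";
+description = "Disable TCP client listener";
 };
 no-tls = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc "Disable TLS client listener";
+description = "Disable TLS client listener";
 };
 no-dtls = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc "Disable DTLS client listener";
+description = "Disable DTLS client listener";
 };
 no-udp-relay = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc "Disable UDP relay endpoints";
+description = "Disable UDP relay endpoints";
 };
 no-tcp-relay = mkOption {
 type = types.bool;
 default = false;
-description = lib.mdDoc "Disable TCP relay endpoints";
+description = "Disable TCP relay endpoints";
 };
 extraConfig = mkOption {
 type = types.lines;
 default = "";
-description = lib.mdDoc "Additional configuration options";
+description = "Additional configuration options";
 };
 };
 };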
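Review bot: `static-auth-secret` (hunk @@ -177) is declared `types.nullOr types.str` and its description is rewritten here without saying that a value given as a plain string is baked into the world-readable Nix store once the module renders it into the coturn config; the same applies to `cli-password` (@@ -239). Since every description is being touched anyway, this is the moment to add the caveat to static-auth-secret: `Setting this option writes the secret into the world-readable Nix store; prefer static-auth-secret-file for real deployments.` and an analogous sentence on cli-password, which has no file-based variant visible in this section. The context line `for of the password` in the cli-password description also reads like a typo for `form of the password`. How these options are rendered into the coturn configuration lies outside this section, so the store-exposure point is inferred from the option types rather than from visible generation code.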