diff options
| -rw-r--r-- | hosts/surtr/dns/zones/li.synapse.soa | 5 | ||||
| -rw-r--r-- | hosts/surtr/matrix/default.nix | 3 | ||||
| -rw-r--r-- | overlays/lego.nix | 9 |
3 files changed, 15 insertions, 2 deletions
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa index 1a7c57ea..2a87df9d 100644 --- a/hosts/surtr/dns/zones/li.synapse.soa +++ b/hosts/surtr/dns/zones/li.synapse.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN synapse.li. | 1 | $ORIGIN synapse.li. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022503 ; serial | 4 | 2022022600 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -27,6 +27,9 @@ element IN CNAME synapse.li. | |||
| 27 | _acme-challenge.element IN NS ns.yggdrasil.li. | 27 | _acme-challenge.element IN NS ns.yggdrasil.li. |
| 28 | 28 | ||
| 29 | turn IN CNAME synapse.li. | 29 | turn IN CNAME synapse.li. |
| 30 | turn IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01" | ||
| 31 | turn IN CAA 128 issue "sectigo.com; validationmethods=dns-01" | ||
| 32 | turn IN CAA 128 iodef "mailto:caa@yggdrasil.li" | ||
| 30 | _acme-challenge.turn IN NS ns.yggdrasil.li. | 33 | _acme-challenge.turn IN NS ns.yggdrasil.li. |
| 31 | 34 | ||
| 32 | _stun._udp IN SRV 5 0 3478 turn.synapse.li. | 35 | _stun._udp IN SRV 5 0 3478 turn.synapse.li. |
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 1e923410..ce8a0831 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix | |||
| @@ -31,7 +31,7 @@ | |||
| 31 | tls_private_key_path = "/run/credentials/matrix-synapse.service/synapse.li.key.pem"; | 31 | tls_private_key_path = "/run/credentials/matrix-synapse.service/synapse.li.key.pem"; |
| 32 | tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path; | 32 | tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path; |
| 33 | 33 | ||
| 34 | turn_uris = ["turn:turn.synapse.li?transport=udp" "turn:turn.synapse.li?transport=tcp"]; | 34 | turn_uris = ["turns:turn.synapse.li?transport=udp" "turns:turn.synapse.li?transport=tcp"]; |
| 35 | turn_user_lifetime = "1h"; | 35 | turn_user_lifetime = "1h"; |
| 36 | 36 | ||
| 37 | extraConfigFiles = [ | 37 | extraConfigFiles = [ |
| @@ -155,6 +155,7 @@ | |||
| 155 | "turn.synapse.li" = { | 155 | "turn.synapse.li" = { |
| 156 | zone = "synapse.li"; | 156 | zone = "synapse.li"; |
| 157 | certCfg = { | 157 | certCfg = { |
| 158 | server = "https://acme.zerossl.com/v2/DV90"; | ||
| 158 | postRun = '' | 159 | postRun = '' |
| 159 | ${pkgs.systemd}/bin/systemctl try-restart coturn.service | 160 | ${pkgs.systemd}/bin/systemctl try-restart coturn.service |
| 160 | ''; | 161 | ''; |
diff --git a/overlays/lego.nix b/overlays/lego.nix new file mode 100644 index 00000000..0c2811df --- /dev/null +++ b/overlays/lego.nix | |||
| @@ -0,0 +1,9 @@ | |||
| 1 | prev: final: let | ||
| 2 | zerossl = prev.fetchpatch { | ||
| 3 | url = "https://patch-diff.githubusercontent.com/raw/go-acme/lego/pull/1501.patch"; | ||
| 4 | }; | ||
| 5 | in { | ||
| 6 | lego = prev.lego.overrideDerivation (oldAttrs: { | ||
| 7 | patches = oldAttrs.patches ++ [zerossl]; | ||
| 8 | }); | ||
| 9 | } | ||