summaryrefslogtreecommitdiff
path: root/modules/coturn.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/coturn.nix')
-rw-r--r--modules/coturn.nix60
1 files changed, 30 insertions, 30 deletions
diff --git a/modules/coturn.nix b/modules/coturn.nix
index faa4b5a2..d73d1bba 100644
--- a/modules/coturn.nix
+++ b/modules/coturn.nix
@@ -42,11 +42,11 @@ in {
42 42
43 options = { 43 options = {
44 services.coturn = { 44 services.coturn = {
45 enable = mkEnableOption (lib.mdDoc "coturn TURN server"); 45 enable = mkEnableOption "coturn TURN server";
46 listening-port = mkOption { 46 listening-port = mkOption {
47 type = types.int; 47 type = types.int;
48 default = 3478; 48 default = 3478;
49 description = lib.mdDoc '' 49 description = ''
50 TURN listener port for UDP and TCP. 50 TURN listener port for UDP and TCP.
51 Note: actually, TLS and DTLS sessions can connect to the 51 Note: actually, TLS and DTLS sessions can connect to the
52 "plain" TCP and UDP port(s), too - if allowed by configuration. 52 "plain" TCP and UDP port(s), too - if allowed by configuration.
@@ -55,7 +55,7 @@ in {
55 tls-listening-port = mkOption { 55 tls-listening-port = mkOption {
56 type = types.int; 56 type = types.int;
57 default = 5349; 57 default = 5349;
58 description = lib.mdDoc '' 58 description = ''
59 TURN listener port for TLS. 59 TURN listener port for TLS.
60 Note: actually, "plain" TCP and UDP sessions can connect to the TLS and 60 Note: actually, "plain" TCP and UDP sessions can connect to the TLS and
61 DTLS port(s), too - if allowed by configuration. The TURN server 61 DTLS port(s), too - if allowed by configuration. The TURN server
@@ -71,7 +71,7 @@ in {
71 type = types.int; 71 type = types.int;
72 default = cfg.listening-port + 1; 72 default = cfg.listening-port + 1;
73 defaultText = literalExpression "listening-port + 1"; 73 defaultText = literalExpression "listening-port + 1";
74 description = lib.mdDoc '' 74 description = ''
75 Alternative listening port for UDP and TCP listeners; 75 Alternative listening port for UDP and TCP listeners;
76 default (or zero) value means "listening port plus one". 76 default (or zero) value means "listening port plus one".
77 This is needed for RFC 5780 support 77 This is needed for RFC 5780 support
@@ -86,7 +86,7 @@ in {
86 type = types.int; 86 type = types.int;
87 default = cfg.tls-listening-port + 1; 87 default = cfg.tls-listening-port + 1;
88 defaultText = literalExpression "tls-listening-port + 1"; 88 defaultText = literalExpression "tls-listening-port + 1";
89 description = lib.mdDoc '' 89 description = ''
90 Alternative listening port for TLS and DTLS protocols. 90 Alternative listening port for TLS and DTLS protocols.
91 ''; 91 '';
92 }; 92 };
@@ -94,7 +94,7 @@ in {
94 type = types.listOf types.str; 94 type = types.listOf types.str;
95 default = []; 95 default = [];
96 example = [ "203.0.113.42" "2001:DB8::42" ]; 96 example = [ "203.0.113.42" "2001:DB8::42" ];
97 description = lib.mdDoc '' 97 description = ''
98 Listener IP addresses of relay server. 98 Listener IP addresses of relay server.
99 If no IP(s) specified in the config file or in the command line options, 99 If no IP(s) specified in the config file or in the command line options,
100 then all IPv4 and IPv6 system IPs will be used for listening. 100 then all IPv4 and IPv6 system IPs will be used for listening.
@@ -104,7 +104,7 @@ in {
104 type = types.listOf types.str; 104 type = types.listOf types.str;
105 default = []; 105 default = [];
106 example = [ "203.0.113.42" "2001:DB8::42" ]; 106 example = [ "203.0.113.42" "2001:DB8::42" ];
107 description = lib.mdDoc '' 107 description = ''
108 Relay address (the local IP address that will be used to relay the 108 Relay address (the local IP address that will be used to relay the
109 packets to the peer). 109 packets to the peer).
110 Multiple relay addresses may be used. 110 Multiple relay addresses may be used.
@@ -120,28 +120,28 @@ in {
120 min-port = mkOption { 120 min-port = mkOption {
121 type = types.int; 121 type = types.int;
122 default = 49152; 122 default = 49152;
123 description = lib.mdDoc '' 123 description = ''
124 Lower bound of UDP relay endpoints 124 Lower bound of UDP relay endpoints
125 ''; 125 '';
126 }; 126 };
127 max-port = mkOption { 127 max-port = mkOption {
128 type = types.int; 128 type = types.int;
129 default = 65535; 129 default = 65535;
130 description = lib.mdDoc '' 130 description = ''
131 Upper bound of UDP relay endpoints 131 Upper bound of UDP relay endpoints
132 ''; 132 '';
133 }; 133 };
134 lt-cred-mech = mkOption { 134 lt-cred-mech = mkOption {
135 type = types.bool; 135 type = types.bool;
136 default = false; 136 default = false;
137 description = lib.mdDoc '' 137 description = ''
138 Use long-term credential mechanism. 138 Use long-term credential mechanism.
139 ''; 139 '';
140 }; 140 };
141 no-auth = mkOption { 141 no-auth = mkOption {
142 type = types.bool; 142 type = types.bool;
143 default = false; 143 default = false;
144 description = lib.mdDoc '' 144 description = ''
145 This option is opposite to lt-cred-mech. 145 This option is opposite to lt-cred-mech.
146 (TURN Server with no-auth option allows anonymous access). 146 (TURN Server with no-auth option allows anonymous access).
147 If neither option is defined, and no users are defined, 147 If neither option is defined, and no users are defined,
@@ -153,7 +153,7 @@ in {
153 use-auth-secret = mkOption { 153 use-auth-secret = mkOption {
154 type = types.bool; 154 type = types.bool;
155 default = false; 155 default = false;
156 description = lib.mdDoc '' 156 description = ''
157 TURN REST API flag. 157 TURN REST API flag.
158 Flag that sets a special authorization option that is based upon authentication secret. 158 Flag that sets a special authorization option that is based upon authentication secret.
159 This feature can be used with the long-term authentication mechanism, only. 159 This feature can be used with the long-term authentication mechanism, only.
@@ -177,7 +177,7 @@ in {
177 static-auth-secret = mkOption { 177 static-auth-secret = mkOption {
178 type = types.nullOr types.str; 178 type = types.nullOr types.str;
179 default = null; 179 default = null;
180 description = lib.mdDoc '' 180 description = ''
181 'Static' authentication secret value (a string) for TURN REST API only. 181 'Static' authentication secret value (a string) for TURN REST API only.
182 If not set, then the turn server 182 If not set, then the turn server
183 will try to use the 'dynamic' value in turn_secret table 183 will try to use the 'dynamic' value in turn_secret table
@@ -188,7 +188,7 @@ in {
188 static-auth-secret-file = mkOption { 188 static-auth-secret-file = mkOption {
189 type = types.nullOr types.str; 189 type = types.nullOr types.str;
190 default = null; 190 default = null;
191 description = lib.mdDoc '' 191 description = ''
192 Path to the file containing the static authentication secret. 192 Path to the file containing the static authentication secret.
193 ''; 193 '';
194 }; 194 };
@@ -197,7 +197,7 @@ in {
197 default = config.networking.hostName; 197 default = config.networking.hostName;
198 defaultText = literalExpression "config.networking.hostName"; 198 defaultText = literalExpression "config.networking.hostName";
199 example = "example.com"; 199 example = "example.com";
200 description = lib.mdDoc '' 200 description = ''
201 The default realm to be used for the users when no explicit 201 The default realm to be used for the users when no explicit
202 origin/realm relationship was found in the database, or if the TURN 202 origin/realm relationship was found in the database, or if the TURN
203 server is not using any database (just the commands-line settings 203 server is not using any database (just the commands-line settings
@@ -209,7 +209,7 @@ in {
209 type = types.nullOr types.str; 209 type = types.nullOr types.str;
210 default = null; 210 default = null;
211 example = "/var/lib/acme/example.com/fullchain.pem"; 211 example = "/var/lib/acme/example.com/fullchain.pem";
212 description = lib.mdDoc '' 212 description = ''
213 Certificate file in PEM format. 213 Certificate file in PEM format.
214 ''; 214 '';
215 }; 215 };
@@ -217,21 +217,21 @@ in {
217 type = types.nullOr types.str; 217 type = types.nullOr types.str;
218 default = null; 218 default = null;
219 example = "/var/lib/acme/example.com/key.pem"; 219 example = "/var/lib/acme/example.com/key.pem";
220 description = lib.mdDoc '' 220 description = ''
221 Private key file in PEM format. 221 Private key file in PEM format.
222 ''; 222 '';
223 }; 223 };
224 dh-file = mkOption { 224 dh-file = mkOption {
225 type = types.nullOr types.str; 225 type = types.nullOr types.str;
226 default = null; 226 default = null;
227 description = lib.mdDoc '' 227 description = ''
228 Use custom DH TLS key, stored in PEM format in the file. 228 Use custom DH TLS key, stored in PEM format in the file.
229 ''; 229 '';
230 }; 230 };
231 secure-stun = mkOption { 231 secure-stun = mkOption {
232 type = types.bool; 232 type = types.bool;
233 default = false; 233 default = false;
234 description = lib.mdDoc '' 234 description = ''
235 Require authentication of the STUN Binding request. 235 Require authentication of the STUN Binding request.
236 By default, the clients are allowed anonymous access to the STUN Binding functionality. 236 By default, the clients are allowed anonymous access to the STUN Binding functionality.
237 ''; 237 '';
@@ -239,28 +239,28 @@ in {
239 no-cli = mkOption { 239 no-cli = mkOption {
240 type = types.bool; 240 type = types.bool;
241 default = false; 241 default = false;
242 description = lib.mdDoc '' 242 description = ''
243 Turn OFF the CLI support. 243 Turn OFF the CLI support.
244 ''; 244 '';
245 }; 245 };
246 cli-ip = mkOption { 246 cli-ip = mkOption {
247 type = types.str; 247 type = types.str;
248 default = "127.0.0.1"; 248 default = "127.0.0.1";
249 description = lib.mdDoc '' 249 description = ''
250 Local system IP address to be used for CLI server endpoint. 250 Local system IP address to be used for CLI server endpoint.
251 ''; 251 '';
252 }; 252 };
253 cli-port = mkOption { 253 cli-port = mkOption {
254 type = types.int; 254 type = types.int;
255 default = 5766; 255 default = 5766;
256 description = lib.mdDoc '' 256 description = ''
257 CLI server port. 257 CLI server port.
258 ''; 258 '';
259 }; 259 };
260 cli-password = mkOption { 260 cli-password = mkOption {
261 type = types.nullOr types.str; 261 type = types.nullOr types.str;
262 default = null; 262 default = null;
263 description = lib.mdDoc '' 263 description = ''
264 CLI access password. 264 CLI access password.
265 For the security reasons, it is recommended to use the encrypted 265 For the security reasons, it is recommended to use the encrypted
266 for of the password (see the -P command in the turnadmin utility). 266 for of the password (see the -P command in the turnadmin utility).
@@ -269,37 +269,37 @@ in {
269 no-udp = mkOption { 269 no-udp = mkOption {
270 type = types.bool; 270 type = types.bool;
271 default = false; 271 default = false;
272 description = lib.mdDoc "Disable UDP client listener"; 272 description = "Disable UDP client listener";
273 }; 273 };
274 no-tcp = mkOption { 274 no-tcp = mkOption {
275 type = types.bool; 275 type = types.bool;
276 default = false; 276 default = false;
277 description = lib.mdDoc "Disable TCP client listener"; 277 description = "Disable TCP client listener";
278 }; 278 };
279 no-tls = mkOption { 279 no-tls = mkOption {
280 type = types.bool; 280 type = types.bool;
281 default = false; 281 default = false;
282 description = lib.mdDoc "Disable TLS client listener"; 282 description = "Disable TLS client listener";
283 }; 283 };
284 no-dtls = mkOption { 284 no-dtls = mkOption {
285 type = types.bool; 285 type = types.bool;
286 default = false; 286 default = false;
287 description = lib.mdDoc "Disable DTLS client listener"; 287 description = "Disable DTLS client listener";
288 }; 288 };
289 no-udp-relay = mkOption { 289 no-udp-relay = mkOption {
290 type = types.bool; 290 type = types.bool;
291 default = false; 291 default = false;
292 description = lib.mdDoc "Disable UDP relay endpoints"; 292 description = "Disable UDP relay endpoints";
293 }; 293 };
294 no-tcp-relay = mkOption { 294 no-tcp-relay = mkOption {
295 type = types.bool; 295 type = types.bool;
296 default = false; 296 default = false;
297 description = lib.mdDoc "Disable TCP relay endpoints"; 297 description = "Disable TCP relay endpoints";
298 }; 298 };
299 extraConfig = mkOption { 299 extraConfig = mkOption {
300 type = types.lines; 300 type = types.lines;
301 default = ""; 301 default = "";
302 description = lib.mdDoc "Additional configuration options"; 302 description = "Additional configuration options";
303 }; 303 };
304 }; 304 };
305 }; 305 };
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-30 18:02:07 +0000