From c1f62e9827efe7c8e303e3cfa70dac8f544312b1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 9 Aug 2022 11:23:00 +0300
Subject: ...

---
 hosts/surtr/matrix/default.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'hosts/surtr/matrix')

diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index a469be69..e3a52f9a 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -265,7 +265,7 @@ with lib;
       min-port = 49000;
       max-port = 50000;
       use-auth-secret = true;
-      static-auth-secret-file = config.sops.secrets."coturn-auth-secret".path;
+      static-auth-secret-file = "/run/credentials/coturn.service/auth-secret";
       realm = "turn.synapse.li";
       cert = "/run/credentials/coturn.service/turn.synapse.li.pem";
       pkey = "/run/credentials/coturn.service/turn.synapse.li.key.pem";
@@ -307,6 +307,7 @@ with lib;
         LoadCredential = [
           "turn.synapse.li.key.pem:${config.security.acme.certs."turn.synapse.li".directory}/key.pem"
           "turn.synapse.li.pem:${config.security.acme.certs."turn.synapse.li".directory}/fullchain.pem"
+          "auth-secret:${config.sops.secrets."coturn-auth-secret".path}"
         ];
       };
     };
@@ -314,8 +315,6 @@ with lib;
     sops.secrets."coturn-auth-secret" = {
       format = "binary";
       sopsFile = ./coturn-auth-secret;
-      owner = "turnserver";
-      group = "turnserver";
     };
   };
 }
-- 
cgit v1.2.3