| blob | b591205417fb8bfec4f75ab1cc216b0f2c0948a6 |
1 {
2 config,
3 pkgs,
4 lib,
5 ...
6 }:
8 let
9 cfg = config.services.turn-rs;
10 format = pkgs.formats.toml { };
11 in
12 {
13 options.services.turn-rs = {
14 enable = lib.mkEnableOption "turn-rs server";
15 package = lib.mkPackageOption pkgs "turn-rs" { };
17 secretFile = lib.mkOption {
18 type = lib.types.nullOr lib.types.path;
19 default = null;
20 example = "/run/keys/turn-rs.env";
21 description = ''
22 Environment variables from this file will be interpolated into the
23 final config file using envsubst with this syntax: `$ENVIRONMENT` or
24 `''${VARIABLE}`.
25 The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
26 This is useful to avoid putting secrets into the nix store.
27 '';
28 };
30 settings = lib.mkOption {
31 type = lib.types.submodule {
32 freeformType = format.type;
33 };
34 description = "Turn-rs server config file";
35 default = { };
36 example = {
37 turn = {
38 realm = "localhost";
39 interfaces = [
40 {
41 transport = "udp";
42 bind = "127.0.0.1:3478";
43 external = "127.0.0.1:3478";
44 }
45 {
46 transport = "tcp";
47 bind = "127.0.0.1:3478";
48 external = "127.0.0.1:3478";
49 }
50 ];
51 };
53 auth.static_credentials = {
54 user1 = "test";
55 user2 = "test";
56 };
57 };
58 };
59 };
61 config = lib.mkIf cfg.enable {
62 services.turn-rs.settings = {
63 api.bind = lib.mkDefault "127.0.0.1:3000";
64 log.level = lib.mkDefault "info";
65 };
67 systemd.services.turn-rs = {
68 enable = true;
69 wantedBy = [ "multi-user.target" ];
70 description = "Turn-rs Server Daemon";
71 preStart =
72 let
73 configFile = format.generate "turn-rs-config.toml" cfg.settings;
74 in
75 ''
76 ${lib.getExe pkgs.envsubst} -i "${configFile}" -o /run/turn-rs/config.toml
77 '';
78 serviceConfig = {
79 RuntimeDirectory = "turn-rs";
80 EnvironmentFile = lib.optional (cfg.secretFile != null) cfg.secretFile;
81 ExecStart = "${lib.getExe cfg.package} --config=/run/turn-rs/config.toml";
82 DynamicUser = true;
83 };
84 };
85 };
86 }