Enable coTURN and fix the bugs present

nixos/hosts/queen/configuration.nix

@@ -104,9 +104,24 @@
 
   # Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
 
-  networking.firewall.enable = true;
-
-  networking.firewall.allowedTCPPorts = [22 80 443];
+  # Open ports in the firewall.
+  networking.firewall = {
+    enable = true;
+    allowPing = false;
+    allowedTCPPorts = [
+      22 # SSH
+      5349 # STUN tls
+      5350 # STUN tls alt
+      80 # http
+      443 # https
+    ];
+    allowedUDPPortRanges = [
+      {
+        from = 49152;
+        to = 49999;
+      } # TURN relay
+    ];
+  };
 
   # networking.useNetworkd = true;
 

nixos/server/package-configs/coturn/default.nix

@@ -1,6 +1,11 @@
 {
+  config,
+  pkgs,
+  ...
+}: {
   sops.secrets."coturn-auth-secret".mode = "0440";
-  sops.secrets."coturn-auth-secret".owner = config.users.users.coturn.name;
+  sops.secrets."coturn-auth-secret".owner = config.users.users.turnserver.name;
+  users.users.nginx.extraGroups = ["turnserver"];
   services.coturn = {
     enable = true;
     lt-cred-mech = true;
@@ -23,24 +28,6 @@
     max-port = 49999;
   };
 
-  # Open ports in the firewall.
-  networking.firewall = {
-    enable = true;
-    allowPing = false;
-    allowedTCPPorts = [
-      5349 # STUN tls
-      5350 # STUN tls alt
-      80 # http
-      443 # https
-    ];
-    allowedUDPPortRanges = [
-      {
-        from = 49152;
-        to = 49999;
-      } # TURN relay
-    ];
-  };
-
   # setup certs
   services.nginx = {
     enable = true;
@@ -56,7 +43,6 @@
   security.acme.certs = {
     "turn.gladtherescake.eu" = {
       group = "turnserver";
-      allowKeysForGroup = true;
       postRun = "systemctl reload nginx.service; systemctl restart coturn.service";
     };
   };

nixos/server/package-configs/default.nix

@@ -14,5 +14,6 @@
     ./nextcloud
     ./postgres
     ./roundcube
+    ./coturn
   ];
 }