From ac082f77b0bf5ad61e82718dc4eecc581132e6d5 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Tue, 17 Sep 2024 10:30:12 +0200
Subject: [PATCH] feat(coturn): set owner and add restart units for secrets

Ensure the coturn static-auth-secret has the correct owner and specifies restart units. This enhances security by assigning ownership and improves reliability by ensuring relevant units restart when secrets change.
---
 systems/x86_64-linux/mx/coturn.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/systems/x86_64-linux/mx/coturn.nix b/systems/x86_64-linux/mx/coturn.nix
index 15aee9a..3f5f05f 100644
--- a/systems/x86_64-linux/mx/coturn.nix
+++ b/systems/x86_64-linux/mx/coturn.nix
@@ -2,6 +2,8 @@
 {
   sops.secrets."coturn/static-auth-secret" = {
     sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
+    restartUnits = [ "coturn.service" ];
+    owner = "turnserver";
   };
 
   services.coturn = {