Replace element with schildichat
Additionally: attempt to set up TURN, although this is currently disabled
diff --git a/modules/caddy/caddyfile.nix b/modules/caddy/caddyfile.nix
index 69fbe2b..243e721 100644
--- a/modules/caddy/caddyfile.nix
+++ b/modules/caddy/caddyfile.nix
@@ -344,12 +344,28 @@
terminal = true;
}
(HTTPFileServerRoute [ "matrix.coded.codes" ] (
- pkgs.element-web.override {
+ pkgs.schildichat-web.override {
conf = {
default_server_config = lib.pipe ./coded.codes/.well-known/matrix [
builtins.readFile
builtins.fromJSON
];
+ features = {
+ feature_report_to_moderators = true;
+ feature_latex_maths = true;
+ feature_pinning = true;
+ feature_mjolnir = true;
+ feature_presence_in_room_list = true;
+ feature_custom_themes = true;
+ feature_dehydration = true;
+ };
+ setting_defaults = {
+ "fallbackICEServerAllowed" = true;
+ };
+ default_theme = "dark";
+ permalink_prefix = "https://matrix.coded.codes";
+ disable_guests = true;
+ disable_3pid_login = true;
};
}
))
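Review bot: `setting_defaults."fallbackICEServerAllowed" = true` pre-answers the fallback-server question for every user of this deployment. As far as I know, Element-derived clients otherwise prompt before using the client's built-in fallback STUN/TURN server, because using it discloses the caller's IP address to a third party. Since `turn_uris` is left empty in modules/matrix.nix, that fallback becomes the normal call path rather than an exception. Either leave the default unset so each user sees the prompt, or document the decision next to the setting, e.g. `# privacy: calls use a third-party fallback ICE server without asking the user`. The enclosing `HTTPFileServerRoute` list starts before this hunk.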
diff --git a/modules/matrix.nix b/modules/matrix.nix
index 41c4153..d3d46f5 100644
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -31,9 +31,20 @@
}];
enable_metrics = true;
database.args.database = "synapse";
+ turn_uris = [
+
+ /* "turn:turn.coded.codes:3478?transport=udp"
+ "turn:turn.coded.codes:3478?transport=tcp"
+ "turns:turn.coded.codes:5349?transport=udp"
+ "turns:turn.coded.codes:5349?transport=tcp" */
+ ]; # Please use matrix.org turn
+ # turn_shared_secret = "!!turn_shared_secret!!";
};
};
+ networking.firewall.allowedTCPPorts = [ 3478 5349 ];
+ networking.firewall.allowedUDPPorts = [ 3478 5349 ];
+
services.mjolnir = {
enable = true;
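Review bot: The two `networking.firewall.allowed*Ports` lines open 3478 and 5349 on TCP and UDP unconditionally, while the later hunk in this file sets `services.coturn.enable = false` and `turn_uris` is empty here. The host therefore accepts traffic on four ports that no configured service is meant to own. Tie the rule to the service so the two cannot drift apart, e.g. `networking.firewall.allowedUDPPorts = lib.mkIf config.services.coturn.enable [ 3478 5349 ];` and the same for TCP (this assumes `lib` and `config` are module arguments here, which the hunk does not show). Once coturn is enabled, its UDP relay port range also has to be allowed, which these lines do not cover. The `services.mjolnir` block continues outside the hunk.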
@@ -62,7 +73,31 @@
managementRoom = "#moderation-commands:coded.codes";
};
+ services.coturn = {
+ enable = false;
+
+ use-auth-secret = true;
+ # static-auth-secret-file = config.sops.secrets.turn_shared_secret.path;
+
+ realm = "turn.coded.codes";
+
+ no-tcp-relay = true;
+
+ no-cli = true;
+
+ extraConfig = ''
+ external-ip=turn.coded.codes
+ '';
+ };
+
sops.secrets = {
+ #turn_shared_secret = {
+ # mode = "0440";
+ # owner = "turnserver";
+ # group = "matrix-synapse";
+ # sopsFile = ../secrets/matrix.json;
+ # format = "json";
+ #};
registration_shared_secret = {
mode = "0400";
owner = config.users.users.root.name;
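Review bot: The `services.coturn` block has no peer restrictions in `extraConfig`, so once `enable` is flipped to true any authenticated client can ask the relay to forward traffic to loopback, RFC 1918 and link-local addresses reachable from this host. Synapse's TURN guidance recommends `no-multicast-peers` plus `denied-peer-ip` ranges for exactly this reason; the fence below shows the IPv4 set, and the IPv6 equivalents should be added if the host has IPv6. Separately, `external-ip` is documented as taking an IP address, so `external-ip=turn.coded.codes` probably will not behave as intended; confirm this against the coturn version in use. The `turns:` URIs in the earlier hunk also imply a certificate and key that this block does not configure. The `sops.secrets` attribute set continues outside the hunk.

```nix
extraConfig = ''
  external-ip=turn.coded.codes
  no-multicast-peers
  denied-peer-ip=0.0.0.0-0.255.255.255
  denied-peer-ip=10.0.0.0-10.255.255.255
  denied-peer-ip=100.64.0.0-100.127.255.255
  denied-peer-ip=127.0.0.0-127.255.255.255
  denied-peer-ip=169.254.0.0-169.254.255.255
  denied-peer-ip=172.16.0.0-172.31.255.255
  denied-peer-ip=192.168.0.0-192.168.255.255
'';
```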
@@ -103,6 +138,8 @@
source = toString synapse_cfgfile;
matchers."registration_shared_secret".secret =
config.sops.secrets.registration_shared_secret.path;
+ # matchers."turn_shared_secret".secret =
+ # config.sops.secrets.turn_shared_secret.path;
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
mode = "0400";
diff --git a/secrets/matrix.json b/secrets/matrix.json
index c6e6d30..11bc8bf 100644
--- a/secrets/matrix.json
+++ b/secrets/matrix.json
@@ -1,5 +1,6 @@
{
"registration_shared_secret": "ENC[AES256_GCM,data:Kg9BvMxn2/QqbU5C6OnMrlvT8uFmtu3v3UMb+OqqHNSxEtLcXRPMw304+QeTYIg7m9gfZ0m3i3fUnRgya0+Lhg==,iv:2PnEIgd7kicBrR9fdIDJ7j4YklalWxn2BrrS4ipTL2Q=,tag:tgxTZGEAAEZdaqu5kh3a6w==,type:str]",
+ "turn_shared_secret": "ENC[AES256_GCM,data:jOzRRqGE5x5a7Zc7WXMvt3+6yLzJC5brtbekc1RF50+lIBy52K6q4ByUD0suQzAOdmXyFzNRm9kgib4pKYnNWSL3IfNls3mIML/5iVTJoPJyoC4q+GUvhALgTCIzocy14RMCgnvxvgIcCquyh/CCUqjRA6+w4+KvV6DzGJR81GE=,iv:a7GUjSqGsZHE7L+FpuTTZtBIvuCMfOF2DYR2LGNXdtQ=,tag:VgRWMKNbaXW1FEz7czW+kQ==,type:str]",
"mjolnir_password": "ENC[AES256_GCM,data:RWBt2hca41QJJ/0E5WHJaWj0PwjrXVVxtoKfNidiCFQgWCo6z9MaNZu1EZRcPPEoxiT3FsYb2mPIpQu8v6qww76nxJPp4K3Ko/RWWMqr0on0MusMbVcFiQHGKHSsTRSu9aWjwWk1UEdCi+eJeFQTz1vW5QhgzyOfTc0haKm2e9s=,iv:RFc0ElVWfkGohLTYMUg9ehCfcZOQNMgO+wGwKJqRgj8=,tag:s9g2y711fXT3He7RNn555w==,type:str]",
"sops": {
"kms": null,
@@ -20,8 +21,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRV2VZbzJuUXQwRmVRZTdK\nR3V3VXdEODFlRCsvengwMDJHWlh3VFFObEdFClJvNm5NVEZ6dnVpWHVHRnRVWXVG\nSk1jRkdjSUxxZmY5b3l6NForQVNBWHMKLS0tIFhIdVpleG1sS25RaWxHZlFTSDk4\nbk9iaGdWVkUxN0dTWkx0VEJaWHJZQzQKhPDYlcEqCOwrxuSEaXMxGFajxwTP5dS0\nV6AhyPwAO2rW0NX6frtDrs1un1el5QKEvm9Bcnli/PNzUbXDbtkjSg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
- "lastmodified": "2023-06-08T07:26:46Z",
- "mac": "ENC[AES256_GCM,data:zwsliYrvBEQdr5ghsblFwAnZkr65MDgIAXrTbG6cel4pBmHC00uo2MQDlOKKYW6FWLrUX3egicg7/XTsKW/8Fr5zh8BfOYGLVO38sEgwhLbs3t9YngBrHcGFLzeyRI6lf+ez1wZZ9FcdRGViId7tZPNGZA/bwSyy8Sqxsjzm5p4=,iv:Ug8LDZRlOoCngbYbKm2XFdq6diMqqJ8BphcpRTjnvgY=,tag:8x90MK8OE4zlLgRtB/uHFA==,type:str]",
+ "lastmodified": "2023-06-22T19:57:03Z",
+ "mac": "ENC[AES256_GCM,data:k7p5mdzY/XrgrAOIn0/1XGjvNCh1Wa2QmyfWzmcfhrhR/PoLJ/Y7O0OT8Vf5aRHu4ikyTxkk+lpFcbIFoQ+jteANYq5/JFX+4yvcHAUEq1lJKg1fPb2q45o7BIOVmlHkjy2L0c8zbCutM51RYzSiOut5/YwRsb8tEmP8KE/pCj4=,iv:XeKOPC//MRbqHFZCy7pMomyRiDHFb/PrzP3CZzJxQzs=,tag:12AXjx8G0dxlQol7wV9JZQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"