Replace element with schildichat
Additionally: attempt to set up TURN, although this is currently disabled
diff --git a/modules/matrix.nix b/modules/matrix.nix
index 41c4153..d3d46f5 100644
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -31,9 +31,20 @@
}];
enable_metrics = true;
database.args.database = "synapse";
+ turn_uris = [
+
+ /* "turn:turn.coded.codes:3478?transport=udp"
+ "turn:turn.coded.codes:3478?transport=tcp"
+ "turns:turn.coded.codes:5349?transport=udp"
+ "turns:turn.coded.codes:5349?transport=tcp" */
+ ]; # Please use matrix.org turn
+ # turn_shared_secret = "!!turn_shared_secret!!";
};
};
+ networking.firewall.allowedTCPPorts = [ 3478 5349 ];
+ networking.firewall.allowedUDPPorts = [ 3478 5349 ];
+
services.mjolnir = {
enable = true;
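Review bot: The two `networking.firewall` lines open 3478 and 5349 on TCP and UDP unconditionally, while this same commit leaves `services.coturn.enable = false` and `turn_uris` empty, so the firewall admits traffic to ports that nothing in this module serves. Tie the rules to the service, e.g. `networking.firewall.allowedTCPPorts = lib.optionals config.services.coturn.enable [ 3478 5349 ];` and the same for `allowedUDPPorts`. This assumes `lib` is among the module arguments, which the hunk does not show. Once coturn is enabled, the UDP relay port range will also need its own rule, which is not covered here.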
@@ -62,7 +73,31 @@
managementRoom = "#moderation-commands:coded.codes";
};
+ services.coturn = {
+ enable = false;
+
+ use-auth-secret = true;
+ # static-auth-secret-file = config.sops.secrets.turn_shared_secret.path;
+
+ realm = "turn.coded.codes";
+
+ no-tcp-relay = true;
+
+ no-cli = true;
+
+ extraConfig = ''
+ external-ip=turn.coded.codes
+ '';
+ };
+
sops.secrets = {
+ #turn_shared_secret = {
+ # mode = "0440";
+ # owner = "turnserver";
+ # group = "matrix-synapse";
+ # sopsFile = ../secrets/matrix.json;
+ # format = "json";
+ #};
registration_shared_secret = {
mode = "0400";
owner = config.users.users.root.name;
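Review bot: The `services.coturn` block sets no peer restrictions, so if `enable` is flipped to true as written, the relay could forward authenticated clients' traffic to private and link-local addresses reachable from this host. Add `no-multicast-peers` and `denied-peer-ip` ranges to `extraConfig` before enabling, as in the excerpt below. Separately, `use-auth-secret = true` is set while `static-auth-secret-file` is commented out, so the service would start without the shared secret Synapse is meant to use. The two should be enabled together with the `turn_shared_secret` entry in `sops.secrets`. coturn's `external-ip` is documented as taking an IP address, so the hostname `turn.coded.codes` there is worth confirming.

```nix
extraConfig = ''
  external-ip=turn.coded.codes
  no-multicast-peers
  denied-peer-ip=10.0.0.0-10.255.255.255
  denied-peer-ip=172.16.0.0-172.31.255.255
  denied-peer-ip=192.168.0.0-192.168.255.255
  denied-peer-ip=169.254.0.0-169.254.255.255
'';
```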
@@ -103,6 +138,8 @@
source = toString synapse_cfgfile;
matchers."registration_shared_secret".secret =
config.sops.secrets.registration_shared_secret.path;
+ # matchers."turn_shared_secret".secret =
+ # config.sops.secrets.turn_shared_secret.path;
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
mode = "0400";
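Review bot: The commented-out `matchers."turn_shared_secret"` lines are coupled to the commented `turn_shared_secret = "!!turn_shared_secret!!";` setting in the first hunk, but nothing records that they must be enabled together. Judging by the `registration_shared_secret` matcher beside it, the matcher is what substitutes the placeholder. If so, uncommenting only the setting would leave Synapse using the literal string `!!turn_shared_secret!!` as its TURN secret. A comment above these lines would capture this, e.g. `# enable together with turn_shared_secret in the synapse settings and sops.secrets; otherwise the placeholder is used verbatim`. The enclosing attribute set starts and ends outside this hunk.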