40 lines
723 B
Nix
40 lines
723 B
Nix
{
|
|
config,
|
|
...
|
|
}:
|
|
{
|
|
networking.firewall = {
|
|
allowedTCPPorts = [
|
|
3478 # TURN (coturn)
|
|
];
|
|
allowedUDPPorts = [
|
|
3478 # TURN (coturn)
|
|
];
|
|
allowedUDPPortRanges = [
|
|
{
|
|
from = 49152;
|
|
to = 65535; # TURN relay ports (coturn)
|
|
}
|
|
];
|
|
};
|
|
|
|
sops.secrets.matrix_turn_secret = {
|
|
owner = "matrix-synapse";
|
|
group = "matrix-synapse";
|
|
};
|
|
|
|
services.coturn = {
|
|
enable = true;
|
|
no-cli = true;
|
|
no-tcp-relay = true;
|
|
min-port = 49152;
|
|
max-port = 65535;
|
|
use-auth-secret = true;
|
|
static-auth-secret-file = config.sops.secrets.matrix_turn_secret.path;
|
|
realm = "turn.cyperpunk.de";
|
|
extraConfig = ''
|
|
no-multicast-peers
|
|
'';
|
|
};
|
|
}
|