conduit: Disable turns, remove the user limits and add all relay IPs

2022-11-05 16:01:18 +00:00 · 2022-11-05 16:01:18 +00:00 · 598c439002
parent ea06138a9b
commit 598c439002
1 changed files with 9 additions and 7 deletions
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@ -1,4 +1,10 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.strings) concatMapStringsSep;
+
  cfg = config.services.matrix-conduit;
  domain = "matrix.${config.services.nginx.domain}";
  turn-realm = "turn.${config.services.nginx.domain}";
@ -16,8 +22,6 @@ in {
      in [
        "turn:${address}?transport=udp"
        "turn:${address}?transport=tcp"
-        "turns:${tls-address}?transport=udp"
-        "turns:${tls-address}?transport=tcp"
      ];
    };
  };
@ -68,11 +72,9 @@ in {
      denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-      allowed-peer-ip=178.79.137.55

-      # Limit number of rooms
-      user-quota=12
-      total-quota=36
+      # *Allow* any IP addresses that we explicitly set as relay IPs
+      ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}

      # Various other security settings
      no-tlsv1