tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

conduit: Disable turns, remove the user limits and add all relay IPs

Browse source
This commit is contained in:
Tristan Daniël Maat 2022-11-05 16:01:18 +00:00
parent ea06138a9b
commit 598c439002
Signed by: tlater
GPG key ID: 49670FD774E43268
1 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

16
configuration/services/conduit.nix
View file

@ -1,4 +1,10 @@
{config, ...}: let
{
config,
lib,
...
}: let
inherit (lib.strings) concatMapStringsSep;
cfg = config.services.matrix-conduit;
domain = "matrix.${config.services.nginx.domain}";
turn-realm = "turn.${config.services.nginx.domain}";
@ -16,8 +22,6 @@ in {
in [
"turn:${address}?transport=udp"
"turn:${address}?transport=tcp"
"turns:${tls-address}?transport=udp"
"turns:${tls-address}?transport=tcp"
];
};
};
@ -68,11 +72,9 @@ in {
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
allowed-peer-ip=178.79.137.55
# Limit number of rooms
user-quota=12
total-quota=36
# *Allow* any IP addresses that we explicitly set as relay IPs
${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
# Various other security settings
no-tlsv1