conduit: Disable turns, remove the user limits and add all relay IPs

Tristan Daniël Maat 2022-11-05 16:01:18 +00:00
parent ea06138a9b
commit 598c439002
Signed by: tlater
GPG key ID: 49670FD774E43268


@ -1,4 +1,10 @@
{config, ...}: let {
config,
lib,
...
}: let
inherit (lib.strings) concatMapStringsSep;
cfg = config.services.matrix-conduit; cfg = config.services.matrix-conduit;
domain = "matrix.${config.services.nginx.domain}"; domain = "matrix.${config.services.nginx.domain}";
turn-realm = "turn.${config.services.nginx.domain}"; turn-realm = "turn.${config.services.nginx.domain}";
@ -16,8 +22,6 @@ in {
in [ in [
"turn:${address}?transport=udp" "turn:${address}?transport=udp"
"turn:${address}?transport=tcp" "turn:${address}?transport=tcp"
"turns:${tls-address}?transport=udp"
"turns:${tls-address}?transport=tcp"
]; ];
}; };
}; };
@ -68,11 +72,9 @@ in {
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
allowed-peer-ip=178.79.137.55
# Limit number of rooms # *Allow* any IP addresses that we explicitly set as relay IPs
user-quota=12 ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
total-quota=36
# Various other security settings # Various other security settings
no-tlsv1 no-tlsv1