chore(coturn): Disable the coturn server

Seems it's been picked up by someone doing naughty things, let's disable this for now as I don't really have a use case for matrix calls anymore...
2025-05-28 04:05:26 +08:00 · 2025-05-28 04:05:26 +08:00 · 86fcaf7eb6
commit 86fcaf7eb6
parent 94ec261a94
2 changed files with 23 additions and 23 deletions
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@ -34,22 +34,22 @@ in
          server = "${domain}:443";
        };

-        turn_uris =
-          let
-            address = "${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
-            tls-address = "${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
-          in
-          [
-            "turn:${address}?transport=udp"
-            "turn:${address}?transport=tcp"
-            "turns:${tls-address}?transport=udp"
-            "turns:${tls-address}?transport=tcp"
-          ];
+        # turn_uris =
+        #   let
+        #     address = "${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
+        #     tls-address = "${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
+        #   in
+        #   [
+        #     "turn:${address}?transport=udp"
+        #     "turn:${address}?transport=tcp"
+        #     "turns:${tls-address}?transport=udp"
+        #     "turns:${tls-address}?transport=tcp"
+        #   ];
      };
    };

    coturn = {
-      enable = true;
+      enable = false;
      no-cli = true;
      use-auth-secret = true;
      static-auth-secret-file = config.sops.secrets."turn/secret".path;
@ -173,7 +173,7 @@ in
    # upstream module currently.
    #
    # See also https://gitlab.com/famedly/conduit/-/issues/314
-    EnvironmentFile = config.sops.secrets."turn/env".path;
+    # EnvironmentFile = config.sops.secrets."turn/env".path;
  };

  systemd.services.coturn.serviceConfig.SupplementaryGroups = [
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@ -67,16 +67,16 @@
      "steam/tlater" = { };

      # Turn
-      "turn/env" = { };
-      "turn/secret" = {
-        owner = "turnserver";
-      };
-      "turn/ssl-key" = {
-        owner = "turnserver";
-      };
-      "turn/ssl-cert" = {
-        owner = "turnserver";
-      };
+      # "turn/env" = { };
+      # "turn/secret" = {
+      #   owner = "turnserver";
+      # };
+      # "turn/ssl-key" = {
+      #   owner = "turnserver";
+      # };
+      # "turn/ssl-cert" = {
+      #   owner = "turnserver";
+      # };

      # Wireguard
      "wireguard/server-key" = {