From 86fcaf7eb6a7a3fb61c960454767e68e5aecbffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Wed, 28 May 2025 04:05:26 +0800
Subject: [PATCH] chore(coturn): Disable the coturn server

Seems it's been picked up by someone doing naughty things, let's
disable this for now as I don't really have a use case for matrix
calls anymore...
---
 configuration/services/conduit/default.nix | 26 +++++++++++-----------
 configuration/sops.nix                     | 20 ++++++++---------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/configuration/services/conduit/default.nix b/configuration/services/conduit/default.nix
index 4ba5271..a9987ed 100644
--- a/configuration/services/conduit/default.nix
+++ b/configuration/services/conduit/default.nix
@@ -34,22 +34,22 @@ in
           server = "${domain}:443";
         };
 
-        turn_uris =
-          let
-            address = "${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
-            tls-address = "${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
-          in
-          [
-            "turn:${address}?transport=udp"
-            "turn:${address}?transport=tcp"
-            "turns:${tls-address}?transport=udp"
-            "turns:${tls-address}?transport=tcp"
-          ];
+        # turn_uris =
+        #   let
+        #     address = "${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
+        #     tls-address = "${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
+        #   in
+        #   [
+        #     "turn:${address}?transport=udp"
+        #     "turn:${address}?transport=tcp"
+        #     "turns:${tls-address}?transport=udp"
+        #     "turns:${tls-address}?transport=tcp"
+        #   ];
       };
     };
 
     coturn = {
-      enable = true;
+      enable = false;
       no-cli = true;
       use-auth-secret = true;
       static-auth-secret-file = config.sops.secrets."turn/secret".path;
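Review bot: With `enable = false` the remaining coturn attributes stay in place, and `static-auth-secret-file = config.sops.secrets."turn/secret".path;` on the last line of this hunk now refers to a secret whose declaration the sops.nix hunk comments out. Lazy evaluation probably keeps this from failing while the service is off, but flipping the flag back without restoring sops.nix will break evaluation, and nothing here says so. I would add a comment above the flag, e.g. `# Disabled after suspected abuse; restore the turn/* entries in sops.nix before re-enabling.` Commenting out `turn_uris` also spreads the toggle over three places; gating the list on `config.services.coturn.enable` (for example with `lib.optionals`, if `lib` is in scope here) would keep it to one. The coturn block continues outside the hunk, so any firewall openings for its listening ports are not visible and are worth checking.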
@@ -173,7 +173,7 @@ in
     # upstream module currently.
     #
     # See also https://gitlab.com/famedly/conduit/-/issues/314
-    EnvironmentFile = config.sops.secrets."turn/env".path;
+    # EnvironmentFile = config.sops.secrets."turn/env".path;
   };
 
   systemd.services.coturn.serviceConfig.SupplementaryGroups = [
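Review bot: The override `systemd.services.coturn.serviceConfig.SupplementaryGroups` on the last line of this hunk is left active although the service is now disabled, so the configuration still defines settings for a `coturn.service` with no other content, which may leave a stub unit or an evaluation warning. Writing it as `systemd.services.coturn.serviceConfig.SupplementaryGroups = lib.mkIf config.services.coturn.enable [ ... ];` would tie it to the same flag, assuming `lib` is available in this file. The list it assigns continues outside the hunk. The comment block above the commented-out `EnvironmentFile` still reads as a live workaround, and a short `# disabled together with coturn` next to it would say why it is off.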
diff --git a/configuration/sops.nix b/configuration/sops.nix
index 0337438..bc59df8 100644
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@@ -67,16 +67,16 @@
       "steam/tlater" = { };
 
       # Turn
-      "turn/env" = { };
-      "turn/secret" = {
-        owner = "turnserver";
-      };
-      "turn/ssl-key" = {
-        owner = "turnserver";
-      };
-      "turn/ssl-cert" = {
-        owner = "turnserver";
-      };
+      # "turn/env" = { };
+      # "turn/secret" = {
+      #   owner = "turnserver";
+      # };
+      # "turn/ssl-key" = {
+      #   owner = "turnserver";
+      # };
+      # "turn/ssl-cert" = {
+      #   owner = "turnserver";
+      # };
 
       # Wireguard
       "wireguard/server-key" = {
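Review bot: Commenting out the `turn/*` declarations only stops sops-nix from placing those secrets on the host; the values themselves, including `turn/ssl-key`, presumably remain in the encrypted secrets file, which is not part of this diff. Given the reason the commit message gives for the shutdown, the shared secret should not be reused as-is if the server comes back. I would extend the section comment to record that, e.g. `# Turn (disabled; rotate turn/secret before re-enabling, see services/conduit/default.nix)`, or delete the entries from the secrets file if the service is gone for good.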