2 changed files with 21 additions and 35 deletions
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@ -1,10 +1,4 @@
-{
+{config, ...}: let
  config,
  lib,
  ...
 }: let
  inherit (lib.strings) concatMapStringsSep;
  cfg = config.services.matrix-conduit;
  domain = "matrix.${config.services.nginx.domain}";
  turn-realm = "turn.${config.services.nginx.domain}";
@ -22,6 +16,8 @@ in {
      in [
        "turn:${address}?transport=udp"
        "turn:${address}?transport=tcp"
        "turns:${tls-address}?transport=udp"
        "turns:${tls-address}?transport=tcp"
      ];
    };
  };
@ -72,9 +68,11 @@ in {
      denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      allowed-peer-ip=178.79.137.55
-      # *Allow* any IP addresses that we explicitly set as relay IPs
+      # Limit number of rooms
-      ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
+      user-quota=12
      total-quota=36
      # Various other security settings
      no-tlsv1
--- a/flake.nix
+++ b/flake.nix
@ -72,15 +72,13 @@
      lib = nixpkgs.lib;
    };
-    ###################
+    ####################
-    # Utility scripts #
+    # VM launch script #
-    ###################
+    ####################
-    packages.${system} = let
+    apps.${system} = let
      inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
    in {
-      default = self.packages.${system}.run-vm;
+      default = let
      run-vm = let
        vm = self.lib.makeNixosSystem {
          inherit system;
          extraModules = [(import ./configuration/hardware-specific/vm.nix)];
@ -93,33 +91,23 @@
          "8448" = "8448"; # Matrix
          "21025" = "21025"; # Starbound
        };
-      in
+      in {
-        writeShellScript "run-vm" ''
+        type = "app";
        program = builtins.toString (writeShellScript "run-vm" ''
          export QEMU_OPTS="-m 3941 -smp 2 -display curses"
          export QEMU_NET_OPTS="${qemuNetOpts}"
          "${vm.config.system.build.vm}/bin/run-tlaternet-vm"
-        '';
+        '');
      };
      update-nextcloud-apps = let
        nvfetcher-bin = "${nvfetcher.defaultPackage.${system}}/bin/nvfetcher";
-      in
+      in {
-        writeShellScript "update-nextcloud-apps" ''
+        type = "app";
        program = builtins.toString (writeShellScript "update-nextcloud-apps" ''
          cd "$(git rev-parse --show-toplevel)/pkgs"
          ${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml
-        '';
+        '');
    };
    apps.${system} = let
      inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
    in {
      default = {
        type = "app";
        program = builtins.toString self.packages.${system}.run-vm;
      };
      update-nextcloud-apps = {
        type = "app";
        program = builtins.toString self.packages.${system}.update-nextcloud-apps;
      };
    };