From ea06138a9b856982b82611723e76e830e959af7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
 <tristan.maat@codethink.co.uk>
Date: Sat, 5 Nov 2022 16:00:50 +0000
Subject: [PATCH 1/2] flake.nix: Add packages for utility scripts to enable
 `nix build`

---
 flake.nix | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/flake.nix b/flake.nix
index f190d89..2dc31c0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -72,13 +72,15 @@
       lib = nixpkgs.lib;
     };
 
-    ####################
-    # VM launch script #
-    ####################
-    apps.${system} = let
+    ###################
+    # Utility scripts #
+    ###################
+    packages.${system} = let
       inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
     in {
-      default = let
+      default = self.packages.${system}.run-vm;
+
+      run-vm = let
         vm = self.lib.makeNixosSystem {
           inherit system;
           extraModules = [(import ./configuration/hardware-specific/vm.nix)];
@@ -91,23 +93,33 @@
           "8448" = "8448"; # Matrix
           "21025" = "21025"; # Starbound
         };
-      in {
-        type = "app";
-        program = builtins.toString (writeShellScript "run-vm" ''
+      in
+        writeShellScript "run-vm" ''
           export QEMU_OPTS="-m 3941 -smp 2 -display curses"
           export QEMU_NET_OPTS="${qemuNetOpts}"
           "${vm.config.system.build.vm}/bin/run-tlaternet-vm"
-        '');
-      };
+        '';
 
       update-nextcloud-apps = let
         nvfetcher-bin = "${nvfetcher.defaultPackage.${system}}/bin/nvfetcher";
-      in {
-        type = "app";
-        program = builtins.toString (writeShellScript "update-nextcloud-apps" ''
+      in
+        writeShellScript "update-nextcloud-apps" ''
           cd "$(git rev-parse --show-toplevel)/pkgs"
           ${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml
-        '');
+        '';
+    };
+
+    apps.${system} = let
+      inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
+    in {
+      default = {
+        type = "app";
+        program = builtins.toString self.packages.${system}.run-vm;
+      };
+
+      update-nextcloud-apps = {
+        type = "app";
+        program = builtins.toString self.packages.${system}.update-nextcloud-apps;
       };
     };
 
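Review bot: The `cd` in the `update-nextcloud-apps` script (the `cd "$(git rev-parse --show-toplevel)/pkgs"` line) is unchecked, and `writeShellScript` does not, as far as I know, enable errexit, so when `git rev-parse` fails — the script is a store path and may well be run outside a checkout — execution continues and nvfetcher writes `_sources_nextcloud` into whatever the current directory happens to be; change it to `cd "$(git rev-parse --show-toplevel)/pkgs" || exit 1`. The `inherit (nixpkgs.legacyPackages.${system}) writeShellScript;` in the new `apps.${system}` let-block is no longer used, since both apps now just reference `self.packages.${system}`, so that `let … in` can be dropped. The enclosing flake outputs attribute set starts and ends outside this hunk.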
-- 
2.49.0


From 598c4390024a0d2b4d9316bf83093707ff731314 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
 <tristan.maat@codethink.co.uk>
Date: Sat, 5 Nov 2022 16:01:18 +0000
Subject: [PATCH 2/2] conduit: Disable turns, remove the user limits and add
 all relay IPs

---
 configuration/services/conduit.nix | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
index b60b668..13be08f 100644
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@@ -1,4 +1,10 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.strings) concatMapStringsSep;
+
   cfg = config.services.matrix-conduit;
   domain = "matrix.${config.services.nginx.domain}";
   turn-realm = "turn.${config.services.nginx.domain}";
@@ -16,8 +22,6 @@ in {
       in [
         "turn:${address}?transport=udp"
         "turn:${address}?transport=tcp"
-        "turns:${tls-address}?transport=udp"
-        "turns:${tls-address}?transport=tcp"
       ];
     };
   };
@@ -68,11 +72,9 @@ in {
       denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
       denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
       denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-      allowed-peer-ip=178.79.137.55
 
-      # Limit number of rooms
-      user-quota=12
-      total-quota=36
+      # *Allow* any IP addresses that we explicitly set as relay IPs
+      ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
 
       # Various other security settings
       no-tlsv1
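Review bot: The generated `allowed-peer-ip=` lines override the `denied-peer-ip` ranges listed just above them for every address in `config.services.coturn.relay-ips`, so anything else listening on a relay address becomes reachable from any authenticated TURN client; this was already true for the single hard-coded IP, but it now widens automatically as the list grows, which deserves a comment at the interpolation such as `# NOTE: allowed-peer-ip overrides denied-peer-ip; any service bound to a relay IP is reachable through TURN`. If `relay-ips` is empty the interpolation produces an empty line, which coturn tolerates, but the allow list presumably exists so that relay-to-self traffic works, so an assertion that the list is non-empty would make a misconfiguration fail at evaluation rather than silently. The `extraConfig` string this hunk edits begins before the hunk.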
-- 
2.49.0