tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 9 Pull requests Releases Activity

Clean up some conduit/coturn configuration #74

Manually merged
tlaternet merged 2 commits from tlater/fix-conduit into master 2022-11-05 17:41:28 +00:00
Conversation 0 Commits 2 Files changed 2 +35 -21
2 changed files with 35 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
configuration/services/conduit.nix
View file

@ -1,4 +1,10 @@
{config, ...}: let {
config,
lib,
...
}: let
inherit (lib.strings) concatMapStringsSep;
cfg = config.services.matrix-conduit; cfg = config.services.matrix-conduit;
domain = "matrix.${config.services.nginx.domain}"; domain = "matrix.${config.services.nginx.domain}";
turn-realm = "turn.${config.services.nginx.domain}"; turn-realm = "turn.${config.services.nginx.domain}";
@ -16,8 +22,6 @@ in {
in [ in [
"turn:${address}?transport=udp" "turn:${address}?transport=udp"
"turn:${address}?transport=tcp" "turn:${address}?transport=tcp"
"turns:${tls-address}?transport=udp"
"turns:${tls-address}?transport=tcp"
]; ];
}; };
}; };
@ -68,11 +72,9 @@ in {
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
allowed-peer-ip=178.79.137.55
# Limit number of rooms # *Allow* any IP addresses that we explicitly set as relay IPs
user-quota=12 ${concatMapStringsSep "\n" (ip: "allowed-peer-ip=${ip}") config.services.coturn.relay-ips}
total-quota=36
# Various other security settings # Various other security settings
no-tlsv1 no-tlsv1

40
flake.nix
View file

@ -72,13 +72,15 @@
lib = nixpkgs.lib; lib = nixpkgs.lib;
}; };
#################### ###################
# VM launch script # # Utility scripts #
#################### ###################
apps.${system} = let packages.${system} = let
inherit (nixpkgs.legacyPackages.${system}) writeShellScript; inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
in { in {
default = let default = self.packages.${system}.run-vm;
run-vm = let
vm = self.lib.makeNixosSystem { vm = self.lib.makeNixosSystem {
inherit system; inherit system;
extraModules = [(import ./configuration/hardware-specific/vm.nix)]; extraModules = [(import ./configuration/hardware-specific/vm.nix)];
@ -91,23 +93,33 @@
"8448" = "8448"; # Matrix "8448" = "8448"; # Matrix
"21025" = "21025"; # Starbound "21025" = "21025"; # Starbound
}; };
in { in
type = "app"; writeShellScript "run-vm" ''
program = builtins.toString (writeShellScript "run-vm" ''
export QEMU_OPTS="-m 3941 -smp 2 -display curses" export QEMU_OPTS="-m 3941 -smp 2 -display curses"
export QEMU_NET_OPTS="${qemuNetOpts}" export QEMU_NET_OPTS="${qemuNetOpts}"
"${vm.config.system.build.vm}/bin/run-tlaternet-vm" "${vm.config.system.build.vm}/bin/run-tlaternet-vm"
''); '';
};
update-nextcloud-apps = let update-nextcloud-apps = let
nvfetcher-bin = "${nvfetcher.defaultPackage.${system}}/bin/nvfetcher"; nvfetcher-bin = "${nvfetcher.defaultPackage.${system}}/bin/nvfetcher";
in { in
type = "app"; writeShellScript "update-nextcloud-apps" ''
program = builtins.toString (writeShellScript "update-nextcloud-apps" ''
cd "$(git rev-parse --show-toplevel)/pkgs" cd "$(git rev-parse --show-toplevel)/pkgs"
${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml ${nvfetcher-bin} -o _sources_nextcloud -c nextcloud-apps.toml
''); '';
};
apps.${system} = let
inherit (nixpkgs.legacyPackages.${system}) writeShellScript;
in {
default = {
type = "app";
program = builtins.toString self.packages.${system}.run-vm;
};
update-nextcloud-apps = {
type = "app";
program = builtins.toString self.packages.${system}.update-nextcloud-apps;
}; };
}; };