coturn: allow both tls and non-tls connections

synapse: coturn use both tls and non-tls connections

modules/services/coturn.nix

@@ -3,7 +3,6 @@ inputs:
 	options.nixos.services.coturn = let inherit (inputs.lib) mkOption types; in
 	{
 		enable = mkOption { type = types.bool; default = false; };
-		port = mkOption { type = types.ints.unsigned; default = 5349; };
 		hostname = mkOption { type = types.str; default = "coturn.chn.moe"; };
 	};
 	config =
@@ -23,16 +22,16 @@ inputs:
 						realm = coturn.hostname;
 						cert = "${keydir}/full.pem";
 						pkey = "${keydir}/key.pem";
-						tls-listening-port = coturn.port;
-						no-tcp = true;
-						no-udp = true;
 						no-cli = true;
 					};
 				sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
 				nixos.services.acme = { enable = true; certs = [ coturn.hostname ]; };
 				security.acme.certs.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
-				networking.firewall.allowedUDPPorts = [ coturn.port ];
-				networking.firewall.allowedUDPPortRanges = with inputs.config.services.coturn;
-					[ { from = min-port; to = max-port; } ];
+				networking.firewall = with inputs.config.services.coturn;
+				{
+					allowedUDPPorts = [ listening-port tls-listening-port ];
+					allowedTCPPorts = [ listening-port tls-listening-port ];
+					allowedUDPPortRanges = [ { from = min-port; to = max-port; } ];
+				};
 			};
 }

modules/services/synapse.nix

@@ -56,7 +56,7 @@ inputs:
 						admin_contact = "mailto:chn@chn.moe";
 						enable_registration = true;
 						registrations_require_3pid = [ "email" ];
-						turn_uris = [ "turns:coturn.chn.moe" ];
+						turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
 						max_upload_size = "1024M";
 						web_client_location = "https://element.chn.moe/";
 						serve_server_wellknown = true;