From 241588969847b3f217492812f2918e5b1916fc27 Mon Sep 17 00:00:00 2001
From: chn
Date: Thu, 31 Aug 2023 01:19:58 +0800
Subject: [PATCH] coturn: allow both tls and non-tls connections synapse: coturn use both tls and non-tls connections
---
 modules/services/coturn.nix | 13 ++++++-------
 modules/services/synapse.nix | 2 +-
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/modules/services/coturn.nix b/modules/services/coturn.nix
index bce0b2ec..b31c0683 100644
--- a/modules/services/coturn.nix
+++ b/modules/services/coturn.nix
@@ -3,7 +3,6 @@ inputs:
 options.nixos.services.coturn = let inherit (inputs.lib) mkOption types; in
 {
 enable = mkOption { type = types.bool; default = false; };
- port = mkOption { type = types.ints.unsigned; default = 5349; };
 hostname = mkOption { type = types.str; default = "coturn.chn.moe"; };
 };
 config =
@@ -23,16 +22,16 @@ inputs:
 realm = coturn.hostname;
 cert = "${keydir}/full.pem";
 pkey = "${keydir}/key.pem";
- tls-listening-port = coturn.port;
- no-tcp = true;
- no-udp = true;
 no-cli = true;
 };
 sops.secrets."coturn/auth-secret".owner = inputs.config.systemd.services.coturn.serviceConfig.User;
 nixos.services.acme = { enable = true; certs = [ coturn.hostname ]; };
 security.acme.certs.${coturn.hostname}.group = inputs.config.systemd.services.coturn.serviceConfig.Group;
- networking.firewall.allowedUDPPorts = [ coturn.port ];
- networking.firewall.allowedUDPPortRanges = with inputs.config.services.coturn;
- [ { from = min-port; to = max-port; } ];
+ networking.firewall = with inputs.config.services.coturn;
+ {
+ allowedUDPPorts = [ listening-port tls-listening-port ];
+ allowedTCPPorts = [ listening-port tls-listening-port ];
+ allowedUDPPortRanges = [ { from = min-port; to = max-port; } ];
+ };
 };
 }
diff --git a/modules/services/synapse.nix b/modules/services/synapse.nix
index b4564727..88b44743 100644
--- a/modules/services/synapse.nix
+++ b/modules/services/synapse.nix
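Review bot: The new `networking.firewall` block publishes the plaintext TURN listener (`listening-port`, which after the removal of `coturn.port` is whatever the NixOS module defaults it to, 3478 unless set elsewhere) on both UDP and TCP, and the same hunk drops `no-tcp`/`no-udp`, yet nothing in the diff constrains which peers the relay may reach; a public coturn with no peer policy will by default relay toward the host's own loopback, link-local and private ranges, which is the classic TURN-as-internal-proxy exposure. Since the `services.coturn` attribute set this hunk edits appears to start outside the hunk, the usual place for that policy is `services.coturn.extraConfig` with `no-multicast-peers` and `denied-peer-ip` ranges, as the Synapse TURN guide recommends. A one-line comment above `networking.firewall` recording that `listening-port`/`tls-listening-port` are now the module defaults (`# plain TURN on listening-port and TLS/DTLS on tls-listening-port, both module defaults`) would also stop the next reader from looking for the deleted `port` option.
```nix
  # … unchanged: services.coturn = { realm, cert, pkey, no-cli … } …
  # Keep the relay from reaching the host's own networks now that it is
  # reachable over plain TCP/UDP as well as TLS (Synapse TURN guide).
  services.coturn.extraConfig = ''
    no-multicast-peers
    denied-peer-ip=127.0.0.0-127.255.255.255
    denied-peer-ip=10.0.0.0-10.255.255.255
    denied-peer-ip=172.16.0.0-172.31.255.255
    denied-peer-ip=192.168.0.0-192.168.255.255
    denied-peer-ip=169.254.0.0-169.254.255.255
  '';
  # … unchanged: sops, acme, networking.firewall …
```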
@@ -56,7 +56,7 @@ inputs:
 admin_contact = "mailto:chn@chn.moe";
 enable_registration = true;
 registrations_require_3pid = [ "email" ];
- turn_uris = [ "turns:coturn.chn.moe" ];
+ turn_uris = [ "turns:coturn.chn.moe" "turn:coturn.chn.moe" ];
 max_upload_size = "1024M";
 web_client_location = "https://element.chn.moe/";
 serve_server_wellknown = true;
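Review bot: The added `turn:coturn.chn.moe` entry hands clients an unencrypted TURN control channel without recording why the TLS-only list was relaxed; a comment such as `# plain TURN kept for clients that cannot negotiate TLS/DTLS; the shared secret is never sent, only a time-limited username and HMAC` would preserve the reasoning. The documented Synapse form also pins the transport, `"turn:coturn.chn.moe?transport=udp"` and `"turn:coturn.chn.moe?transport=tcp"`, which matches the UDP and TCP listeners the coturn module now opens and lets clients try UDP first. The order of the list is what clients will try in sequence, so if TLS is meant to remain preferred the `turns:` entry should stay first, as it does here.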