From a7fe2aabc560334ad3a194541a0abaf404e989ab Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Fri, 27 Sep 2024 07:30:48 +0200 Subject: [PATCH] bicep/matrix/coturn: disable ipv6 to fix the service running at all coturn is just fundamentally broken, look at trying eturnal instead --- hosts/bicep/services/matrix/coturn.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/bicep/services/matrix/coturn.nix b/hosts/bicep/services/matrix/coturn.nix index 572fc21..e1878e9 100644 --- a/hosts/bicep/services/matrix/coturn.nix +++ b/hosts/bicep/services/matrix/coturn.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, secrets, ... }: +{ config, lib, pkgs, secrets, values, ... }: { sops.secrets."matrix/synapse/turnconfig" = { @@ -60,12 +60,14 @@ pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; use-auth-secret = true; - # World readable but I dont think it's that bad static-auth-secret-file = config.sops.secrets."matrix/coturn/static-auth-secret".path; secure-stun = true; - listening-ips = [ "129.241.210.213" "2001:700:300:1900::213" ]; + listening-ips = [ + values.services.turn.ipv4 + # values.services.turn.ipv6 + ]; tls-listening-port = 443; alt-tls-listening-port = 5349;