Alright this ain't finished cause of the home stuff but I don't wanna lose what I've done. Impermanence, disko, lots of changes. TODO: add modularity to home.

2024-11-02 17:19:40 -04:00 · 2024-11-02 17:19:40 -04:00 · 15ab10152b
commit 15ab10152b
parent 7a3f60038b
109 changed files with 766 additions and 749 deletions
--- a/modules/system/services/server/social/matrix/synapse/coturn/default.nix
+++ b/modules/system/services/server/social/matrix/synapse/coturn/default.nix
@ -12,7 +12,7 @@
      min-port = 49000;
      max-port = 50000;
      use-auth-secret = true;
-      static-auth-secret = "will be world readable for local users :(";
+      static-auth-secret = config.secrets.coturnSecret;
      realm = "turn.${config.domains.jim1}";
      cert = "/var/lib/acme/turn.${config.domains.jim1}.com/fullchain.pem";
      pkey = "/var/lib/acme/turn.${config.domains.jim1}.com/key.pem";
@ -24,7 +24,7 @@
        "turn:turn.${config.domains.jim1}:3478?transport=udp"
        "turn:turn.${config.domains.jim1}:3478?transport=tcp"
      ];
-      turn_shared_secret = config.services.coturn.static-auth-secret;
+      turn_shared_secret = config.secrets.coturnSecret;
      turn_user_lifetime = "1h";
    };
  };
@ -32,10 +32,12 @@
  # Open coturn ports
  networking.firewall = {
    allowedUDPPorts = [
-      3478 5349
-    ];
-    allowedUDPPortRanges = [
-      { from = 49000; to = 50000; }
+      3478
+      5349
    ];
+    allowedUDPPortRanges = [{
+      from = config.services.coturn.min-port;
+      to = config.services.coturn.max-port;
+    }];
  };
 }
--- a/modules/system/services/server/social/matrix/synapse/default.nix
+++ b/modules/system/services/server/social/matrix/synapse/default.nix
@ -13,14 +13,16 @@
      public_baseurl = "https://matrix.${config.domains.jim1}";
      suppress_key_server_warning = true;

-      listeners = [{
-        port = 8008;
-        bind_addresses = [ "::" "0.0.0.0" ];
-        resources = [ { compress = false;  names = [ "client" "federation" ]; } ];
-        type = "http";
-        tls = false;
-        x_forwarded = true;
-      }];
+      listeners = [
+        {
+          port = 8008;
+          bind_addresses = [ "::" "0.0.0.0" ];
+          resources = [ { compress = true;  names = [ "client" "federation" ]; } ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+        }
+      ];

      email = {
        notif_from = "Jimbo's Matrix <noreply@${config.domains.jim1}>";