From 5798f5c473940c7f06600490ba56ef5468124a68 Mon Sep 17 00:00:00 2001
From: Malte Brandy
Date: Sun, 20 Dec 2020 01:26:33 +0100
Subject: [PATCH] Try fixing coturn
---
 nixos/roles/coturn.nix | 17 +++++++++++------
 nixos/roles/matrix-synapse.nix | 6 ++++--
 2 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/nixos/roles/coturn.nix b/nixos/roles/coturn.nix
index 930251e8..ed3a4435 100644
--- a/nixos/roles/coturn.nix
+++ b/nixos/roles/coturn.nix
@@ -3,28 +3,32 @@ let
 fqdn = "${config.networking.hostName}.${config.networking.domain}";
 key_dir = config.security.acme.certs."${fqdn}".directory;
 in {
+ users.users.turnserver.extraGroups = [ "nginx" ]; # For read access to certs;
 networking.firewall = let
 range = [{
 from = config.services.coturn.min-port;
 to = config.services.coturn.max-port;
 }];
- port = [ config.services.coturn.tls-listening-port ];
+ ports = [
+ config.services.coturn.listening-port
+ config.services.coturn.alt-listening-port
+ config.services.coturn.tls-listening-port
+ config.services.coturn.alt-tls-listening-port
+ ];
 in {
 allowedUDPPortRanges = range;
 allowedTCPPortRanges = range;
- allowedTCPPorts = port;
- allowedUDPPorts = port;
+ allowedTCPPorts = ports;
+ allowedUDPPorts = ports;
 };
 security.acme.certs.${fqdn} = {
 postRun = "systemctl restart coturn.service";
 };
-
 services = {
 coturn = {
 enable = true;
 use-auth-secret = true;
- no-tcp = true;
- lt-cred-mech = true;
+ no-cli = true;
 no-tcp-relay = true;
 min-port = 52000;
 max-port = 52100;
@@ -33,6 +37,7 @@ in {
 static-auth-secret = (pkgs.privateValue {
 turn_shared_secret = "";
 } "matrix/server-secrets").turn_shared_secret;
 realm = fqdn;
+ listening-ips = [ config.m-0.hosts.hera config.m-0.hosts.hera-v4 ];
 extraConfig = ''
 fingerprint
diff --git a/nixos/roles/matrix-synapse.nix b/nixos/roles/matrix-synapse.nix
index 63bbf5af..a1ef0196 100644
--- a/nixos/roles/matrix-synapse.nix
+++ b/nixos/roles/matrix-synapse.nix
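Review bot: The added `users.users.turnserver.extraGroups = [ "nginx" ];` grants the TURN daemon read access to everything the nginx group can read, not only the certificate directory bound as `key_dir` two lines above; a narrower grant is to give that ACME certificate its own group and put both readers in it, e.g. `security.acme.certs.${fqdn}.group = "acme-coturn";` together with `users.groups.acme-coturn.members = [ "nginx" "turnserver" ];`, and the comment on that line ends in a stray `;`. `lt-cred-mech = true;` is removed while `use-auth-secret = true;` stays; coturn documents the shared-secret (REST API) mode as a variant of the long-term credential mechanism and I believe the daemon implies it, but since the NixOS module only emits what is set, confirm after deployment that credentials derived from the shared secret are still accepted. The firewall now opens four listener ports on both TCP and UDP, including the plaintext `listening-port`, which the matrix-synapse.nix hunk relies on for its `turn:` URIs; `alt-listening-port` and `alt-tls-listening-port` serve NAT-behaviour discovery, so if that is not needed they could stay closed to keep the exposed surface minimal.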
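Review bot: The `pkgs.privateValue` fallback `turn_shared_secret = "";` in the context lines above the new `listening-ips` line means a missing secret file yields a TURN server whose shared-secret credentials are an HMAC over an empty key, which anyone can compute; the new line does not change that. A guard that fails evaluation rather than deploying an open relay would be `assertions = [ { assertion = config.services.coturn.static-auth-secret != ""; message = "coturn: turn_shared_secret is empty"; } ];` at the module level. Whether `config.m-0.hosts.hera` and `hera-v4` evaluate to the address strings coturn expects is not visible here; the enclosing `coturn = {` set opens in the previous hunk and closes outside this one.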
@@ -59,9 +59,11 @@ in {
 dynamic_thumbnails = true;
 turn_shared_secret = config.services.coturn.static-auth-secret;
 turn_uris = let
- turn_server =
+ turns =
 "turns:${config.services.coturn.realm}:${toString config.services.coturn.tls-listening-port}";
- in [ "${turn_server}?transport=udp" "${turn_server}?transport=tcp" ];
+ turn =
+ "turn:${config.services.coturn.realm}:${toString config.services.coturn.listening-port}";
+ in [ "${turns}?transport=udp" "${turns}?transport=tcp" "${turn}?transport=udp" "${turn}?transport=tcp" ];
 turn_user_lifetime = "24h";
 allow_guest_access = true;
 logConfig = ''
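Review bot: The new `in [ ... ]` line packs four URIs onto one line and will keep growing; one element per line, `"${turns}?transport=udp"`, `"${turns}?transport=tcp"`, `"${turn}?transport=udp"`, `"${turn}?transport=tcp"`, each on its own line inside the brackets, reads more easily and diffs cleanly. The two plain `turn:` entries advertise `listening-port`, which is only reachable because coturn.nix in this same commit drops `no-tcp` and opens that port, so the two files have to ship together. The enclosing `services.matrix-synapse` settings block starts and ends outside this hunk.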