Separate the synapse and coturn services

nixos/server.nix

@@ -25,16 +25,13 @@
     ./server/icecast.nix
     ./server/firewall.nix
     ./server/gitea.nix
-    ./server/lemmy.nix
     ./server/mailserver.nix
     ./server/mariadb.nix
-    ./server/mastodon.nix
     ./server/nextcloud.nix
     ./server/nfs.nix
     ./server/nginx.nix
     ./server/owncast.nix
     ./server/photoprism.nix
-    #./server/pixelfed.nix
     ./server/minecraft
     ./server/vaultwarden.nix
     ./server/transmission.nix
@@ -44,7 +41,13 @@
     # Matrix
     ./server/synapse.nix
     ./server/element.nix
+    ./server/coturn.nix
     ./server/matrix-discord.nix
+
+    # Federation
+    ./server/lemmy.nix
+    ./server/mastodon.nix
+    #./server/pixelfed.nix
   ];
 
   # Set custom openssh port

nixos/server/coturn.nix

@@ -0,0 +1,38 @@
+{outputs, ...}: {
+  services = {
+    coturn = rec {
+      enable = true;
+      no-cli = true;
+      no-tcp-relay = true;
+      min-port = 49000;
+      max-port = 50000;
+      use-auth-secret = true;
+      static-auth-secret = "will be world readable for local users :(";
+      realm = "turn.${outputs.secrets.jimDomain}";
+      cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
+      pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
+    };
+
+    # Proxy main coturn port
+    nginx.virtualHosts."turn.${outputs.secrets.jimDomain}" = {
+      enableACME = true;
+      forceSSL = true;
+      listen = [{
+        addr = "0.0.0.0";
+	port = 80;
+	ssl = false; 
+      }];
+      locations."/".proxyPass = "http://127.0.0.1:1380";
+    };
+  };
+
+  # Open coturn ports
+  networking.firewall = {
+    allowedUDPPorts = [
+      3478 5349
+    ];
+    allowedUDPPortRanges = [
+      { from = 49000; to = 50000; }
+    ];
+  };
+}

nixos/server/ddclient.nix

@@ -15,8 +15,8 @@
       "john.${outputs.secrets.jimDomain}"
       "mc.${outputs.secrets.jimDomain}"
       "mx.${outputs.secrets.jimDomain}"
-      "panel.${outputs.secrets.jimDomain}"
       "rtmp.${outputs.secrets.jimDomain}"
+      "turn.${outputs.secrets.jimDomain}"
     ];
   };
 }

nixos/server/synapse.nix

@@ -1,7 +1,7 @@
 {pkgs, outputs, config, ...}: {
   services = {
     # Synapse Matrix server
-    matrix-synapse = with config.services.coturn; {
+    matrix-synapse = {
       enable = true;
       settings = {
         server_name = "${outputs.secrets.jimDomain}";
@@ -84,23 +84,8 @@
       environmentFile = "${matrixSecretFile}";
     };
 
-    # Coturn for VC
+    # Proxy for both Synapse and Sliding Sync
-    coturn = rec {
+    nginx.virtualHosts."matrix.${outputs.secrets.jimDomain}" = {
-      enable = true;
-      no-cli = true;
-      no-tcp-relay = true;
-      min-port = 49000;
-      max-port = 50000;
-      use-auth-secret = true;
-      static-auth-secret = "will be world readable for local users :(";
-      realm = "turn.${outputs.secrets.jimDomain}";
-      cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
-      pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
-    };
-
-    # Nginx
-    nginx.virtualHosts = {
-      "matrix.${outputs.secrets.jimDomain}" = {
       enableACME = true;
       forceSSL = true;
       locations = {
@@ -111,24 +96,5 @@
         "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
       };
     };
-      "turn.${outputs.secrets.jimDomain}" = {
-        enableACME = true;
-        forceSSL = true;
-        listen = [
-          { addr = "0.0.0.0"; port = 80; ssl = false; }
-        ];
-        locations."/".proxyPass = "http://127.0.0.1:1380";
-      };
-    };
-  };
-
-  # Open coturn ports
-  networking.firewall = {
-    allowedUDPPorts = [
-      3478 5349 # Coturn UDP
-    ];
-    allowedUDPPortRanges = [
-      { from = 49000; to = 50000; } # Coturn range
-    ];
   };
 }