Separate the synapse and coturn services
This commit is contained in:
parent
e417ad358c
commit
4080f649d8
|
@ -25,16 +25,13 @@
|
|||
./server/icecast.nix
|
||||
./server/firewall.nix
|
||||
./server/gitea.nix
|
||||
./server/lemmy.nix
|
||||
./server/mailserver.nix
|
||||
./server/mariadb.nix
|
||||
./server/mastodon.nix
|
||||
./server/nextcloud.nix
|
||||
./server/nfs.nix
|
||||
./server/nginx.nix
|
||||
./server/owncast.nix
|
||||
./server/photoprism.nix
|
||||
#./server/pixelfed.nix
|
||||
./server/minecraft
|
||||
./server/vaultwarden.nix
|
||||
./server/transmission.nix
|
||||
|
@ -44,7 +41,13 @@
|
|||
# Matrix
|
||||
./server/synapse.nix
|
||||
./server/element.nix
|
||||
./server/coturn.nix
|
||||
./server/matrix-discord.nix
|
||||
|
||||
# Federation
|
||||
./server/lemmy.nix
|
||||
./server/mastodon.nix
|
||||
#./server/pixelfed.nix
|
||||
];
|
||||
|
||||
# Set custom openssh port
|
||||
|
|
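--- /dev/null
+++ b/nixos/server/coturn.nix
@@ -0,0 +1,38 @@
+{outputs, ...}: {
+services = {
+coturn = rec {
+enable = true;
+no-cli = true;
+no-tcp-relay = true;
+min-port = 49000;
+max-port = 50000;
+use-auth-secret = true;
+static-auth-secret = "will be world readable for local users :(";
+realm = "turn.${outputs.secrets.jimDomain}";
+cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
+pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
+};
+
+# Proxy main coturn port
+nginx.virtualHosts."turn.${outputs.secrets.jimDomain}" = {
+enableACME = true;
+forceSSL = true;
+listen = [{
+addr = "0.0.0.0";
+port = 80;
+ssl = false;
+}];
+locations."/".proxyPass = "http://127.0.0.1:1380";
+};
+};
+
+# Open coturn ports
+networking.firewall = {
+allowedUDPPorts = [
+3478 5349
+];
+allowedUDPPortRanges = [
+{ from = 49000; to = 50000; }
+];
+};
+}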
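Review bot: `static-auth-secret` in the coturn block is a literal inside the Nix expression, so it lands in the world-readable /nix/store as the comment on that line already admits; the coturn module's `static-auth-secret-file` option reads the value from a root-owned file at runtime instead, e.g. `static-auth-secret-file = "<path to a secret file outside the store>";`, and Synapse's `turn_shared_secret` must be fed the same value now that synapse.nix no longer binds `with config.services.coturn;`. The `cert` and `pkey` paths point at `/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/…` while `realm` and the nginx virtualHost use `turn.${outputs.secrets.jimDomain}` without the `.com` suffix, so unless jimDomain deliberately omits its TLD coturn will look for a certificate directory that the ACME entry in this file does not create. The ACME directory is also not readable by the coturn service user by default, so `security.acme.certs."turn.${outputs.secrets.jimDomain}".group` presumably needs to grant it access — not visible here, worth confirming. The firewall block opens 3478 and 5349 on UDP only; `no-tcp-relay` disables relaying to peers over TCP, not the TCP/TLS listeners, so clients on UDP-blocking networks cannot reach TURNS on 5349 — add `allowedTCPPorts = [ 3478 5349 ];` if that is meant to work, or note that UDP-only is intended.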
|
@ -15,8 +15,8 @@
|
|||
"john.${outputs.secrets.jimDomain}"
|
||||
"mc.${outputs.secrets.jimDomain}"
|
||||
"mx.${outputs.secrets.jimDomain}"
|
||||
"panel.${outputs.secrets.jimDomain}"
|
||||
"rtmp.${outputs.secrets.jimDomain}"
|
||||
"turn.${outputs.secrets.jimDomain}"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{pkgs, outputs, config, ...}: {
|
||||
services = {
|
||||
# Synapse Matrix server
|
||||
matrix-synapse = with config.services.coturn; {
|
||||
matrix-synapse = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server_name = "${outputs.secrets.jimDomain}";
|
||||
|
@ -84,51 +84,17 @@
|
|||
environmentFile = "${matrixSecretFile}";
|
||||
};
|
||||
|
||||
# Coturn for VC
|
||||
coturn = rec {
|
||||
enable = true;
|
||||
no-cli = true;
|
||||
no-tcp-relay = true;
|
||||
min-port = 49000;
|
||||
max-port = 50000;
|
||||
use-auth-secret = true;
|
||||
static-auth-secret = "will be world readable for local users :(";
|
||||
realm = "turn.${outputs.secrets.jimDomain}";
|
||||
cert = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/fullchain.pem";
|
||||
pkey = "/var/lib/acme/turn.${outputs.secrets.jimDomain}.com/key.pem";
|
||||
};
|
||||
|
||||
# Nginx
|
||||
nginx.virtualHosts = {
|
||||
"matrix.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/".extraConfig = ''return 403;'';
|
||||
"/client".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_matrix".proxyPass = "http://127.0.0.1:8008";
|
||||
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
};
|
||||
"turn.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
listen = [
|
||||
{ addr = "0.0.0.0"; port = 80; ssl = false; }
|
||||
];
|
||||
locations."/".proxyPass = "http://127.0.0.1:1380";
|
||||
# Proxy for both Synapse and Sliding Sync
|
||||
nginx.virtualHosts."matrix.${outputs.secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/".extraConfig = ''return 403;'';
|
||||
"/client".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_matrix".proxyPass = "http://127.0.0.1:8008";
|
||||
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Open coturn ports
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [
|
||||
3478 5349 # Coturn UDP
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 49000; to = 50000; } # Coturn range
|
||||
];
|
||||
};
|
||||
}
|
||||
|
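Review bot: The first hunk replaces `matrix-synapse = with config.services.coturn; {` with `matrix-synapse = {`, so any `turn_shared_secret`, `turn_uris` or port-range value inside `settings` that previously came from the coturn module is now an unbound name unless it was rewritten to `config.services.coturn.<option>`; the body of that attrset lies outside both hunks, so this cannot be confirmed from the page. If Synapse still needs the TURN secret, referencing `config.services.coturn.static-auth-secret` copies the literal into Synapse's generated config in the store as well; putting `turn_shared_secret` in a file passed through `services.matrix-synapse.extraConfigFiles`, alongside the `environmentFile = "${matrixSecretFile}"` mechanism visible at the top of the second hunk, keeps it out of the store. The new `# Proxy for both Synapse and Sliding Sync` comment would be more useful if it named the upstreams the routes imply, e.g. `# 8008 = Synapse, 8009 = sliding-sync proxy (msc3575 route)`, since the port mapping is what a reader needs from that block.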
|