From 2096c7213f35d60fd50b8d9620c6b25483a83079 Mon Sep 17 00:00:00 2001
From: David Crompton <davidcrompton@duck.com>
Date: Sat, 14 Feb 2026 16:30:43 -0500
Subject: [PATCH] hippocampus: matrix: server: enable turn

---
 machines/hippocampus/servers/public/matrix/turn.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/machines/hippocampus/servers/public/matrix/turn.nix b/machines/hippocampus/servers/public/matrix/turn.nix
index 88c8532..dd9c70e 100644
--- a/machines/hippocampus/servers/public/matrix/turn.nix
+++ b/machines/hippocampus/servers/public/matrix/turn.nix
@@ -13,6 +13,16 @@
     cert = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/turn.glia.club/turn.glia.club.crt";
     pkey = "/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/turn.glia.club/turn.glia.club.key";
   };
+  services.matrix-tuwunel.settings = {
+    global = {
+      turn_uris = [
+        "turn:turn.glia.club?transport=udp"
+        "turn:turn.glia.club?transport=tcp"
+      ];
+      turn_secret = true;
+      turn_secret_file = config.sops.secrets.coturn-secret.path;
+    };
+  };
   services.caddy.virtualHosts = {
     "turn.glia.club" = {
       # Use ZeroSSL