hippocampus: matrix: turn/sfu prep

2026-02-14 15:05:08 -05:00
parent 1b1755b498
commit 785319fdb4
3 changed files with 90 additions and 0 deletions
--- a/machines/hippocampus/servers/public/matrix/turn.nix
+++ b/machines/hippocampus/servers/public/matrix/turn.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }: {
+  # TODO: Generate coturn secret
+  services.coturn = {
+    enable = true;
+    realm = "turn.glia.club";
+    listening-port = 3478;
+    tls-listening-port = 5349;
+    min-port = config.services.livekit.settings.rtc.port_range_start+1;
+    max-port = 65535;
+    use-auth-secret = true;
+    static-auth-secret-file = config.sops.secrets.coturn-secret.path;
+  };
+  services.caddy.virtualHosts = {
+    "turn.glia.club" = {
+      # Use ZeroSSL
+      # as WebRTC clients misbehave with LetsEncrypt:
+      # https://github.com/element-hq/element-android/issues/1533
+      # https://github.com/element-hq/element-ios/issues/2712
+      # https://bugs.chromium.org/p/webrtc/issues/detail?id=11710
+      extraConfig = ''
+        acme_ca https://acme.zerossl.com/v2/DV90
+        respond "You ~~spin~~ turn me right round!"
+      '';
+    };
+  };
+}