From 7c549f57db51f60806afca78d820ddf9faae3882 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 15 Mar 2021 00:10:19 +0100 Subject: [PATCH] working voip --- configuration.nix | 3 ++- matrix.nix | 25 +++++++++++++++---------- variables.nix | 2 +- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/configuration.nix b/configuration.nix index 2c23b08..ae5b883 100644 --- a/configuration.nix +++ b/configuration.nix @@ -40,8 +40,8 @@ 993 # imaps server 25 465 # smtp(s) server 8080 # hubot + 3478 # turn server 5349 # turn server - 5350 # turn server 3551 # apcups 5001 # iperf server 18080 # monero p2p @@ -51,6 +51,7 @@ firewall.allowedUDPPorts = [ 53 # powerdns 1194 # dnscrypt + 3478 # turn server 21027 # syncthing discovery 64738 # mumble server ]; diff --git a/matrix.nix b/matrix.nix index 597e9e6..573919a 100644 --- a/matrix.nix +++ b/matrix.nix @@ -72,11 +72,11 @@ in server_name = config.var.hostname; # Tell users about our TURN server - turn_uris = [ - "turn:${config.var.hostname}:5349?transport=udp" - "turn:${config.var.hostname}:5350?transport=udp" - "turn:${config.var.hostname}:5349?transport=tcp" - "turn:${config.var.hostname}:5350?transport=tcp" + turn_uris = with config.services.coturn; [ + "turn:${realm}:${toString listening-port}?transport=udp" + "turn:${realm}:${toString listening-port}?transport=tcp" + "turns:${realm}:${toString tls-listening-port}?transport=udp" + "turns:${realm}:${toString tls-listening-port}?transport=tcp" ]; # Bind on localhost and used a reverse proxy @@ -153,6 +153,7 @@ in # needed for reliable VoIP. services.coturn = { enable = true; + no-cli = true; # Only allow users vouched for # by the Matrix server. 
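Review bot: The UDP allow-list in the second configuration.nix hunk gains only 3478, but the turn_uris hunk in matrix.nix now advertises `turns:${realm}:${toString tls-listening-port}?transport=udp`. If tls-listening-port is 5349, as the `5349 # turn server` entry in the TCP list suggests, that URI points at a UDP port the firewall still drops, so either add `5349 # turn server (dtls)` to allowedUDPPorts or leave the UDP `turns:` URI out. The port range coturn relays from is not visible in this patch; confirm it is opened for UDP elsewhere and kept as narrow as `min-port`/`max-port` allow.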
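Review bot: The new turn_uris take their host part from `realm`, which is coturn's authentication realm rather than a network address. It is set outside this hunk, so whether it matches the public DNS name cannot be checked here. Keeping the host as before and taking only the ports from the coturn module, e.g. `"turn:${config.var.hostname}:${toString listening-port}?transport=udp"`, avoids handing clients an unreachable URI if the realm is ever changed.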
@@ -173,16 +174,20 @@ in secure-stun = true; no-tcp-relay = false; + listening-ips = [ "0.0.0.0" ]; + extraConfig = '' external-ip=${config.var.ipAddress} cipher-list=HIGH - no-loopback-peers no-multicast-peers - denied-peer-ip=10.0.0.0-10.255.255.255 - denied-peer-ip=192.168.0.0-192.168.255.255 + no-tlsv1 + no-tlsv1_1 + mobility + #denied-peer-ip=10.0.0.0-10.255.255.255 + #denied-peer-ip=192.168.0.0-192.168.255.255 allowed-peer-ip=192.168.1.5 - user-quota=12 - total-quota=1200 + #user-quota=12 + #total-quota=1200 verbose=true ''; }; diff --git a/variables.nix b/variables.nix index 78f594c..9055bd3 100644 --- a/variables.nix +++ b/variables.nix @@ -10,7 +10,7 @@ readOnly = true; default = { hostname = "maxwell.ydns.eu"; - ipAddress = "2.25.5.112"; + ipAddress = "2.35.5.112"; }; description = "Global constants."; };
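Review bot: Commenting out both `denied-peer-ip` ranges in extraConfig lets any account holding TURN credentials ask the relay to reach hosts on 10.0.0.0/8 and 192.168.0.0/16, so the TURN server becomes a path from the internet into the internal network; the remaining `allowed-peer-ip=192.168.1.5` only made sense as an exception to those rules. Restore `denied-peer-ip=10.0.0.0-10.255.255.255` and `denied-peer-ip=192.168.0.0-192.168.255.255`, and consider adding `denied-peer-ip=172.16.0.0-172.31.255.255`, which the old config never covered. Dropping `no-loopback-peers` is only safe if the deployed coturn denies loopback peers by default, which depends on its version and should be confirmed. `user-quota` and `total-quota` are disabled as well, so nothing in this block caps allocations per user or overall; if they broke calls, raising the values is safer than removing the limit. The services.coturn block begins outside this hunk.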