feat: wsl: some things

2026-03-15 10:59:19 +00:00
parent b9730784ba
commit f23720e151
12 changed files with 190 additions and 63 deletions
--- a/nixos/module/hectic/service/voice-tune.nix
+++ b/nixos/module/hectic/service/voice-tune.nix
@@ -0,0 +1,67 @@
+{
+  inputs,
+  flake,
+  self,
+}:
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
+in {
+  options = {
+    hectic.services.matrix = {
+      turnSecretFile = lib.mkOption {
+        type = lib.types.path;
+        description = ''
+          path to env file with matrix secrets
+
+          just raw secret
+        '';
+      };
+      publicIp = lib.mkOption {
+        type = lib.types.str;
+        description = ''
+          public IP address of the server, used by coturn for
+          listening and relay
+        '';
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.coturn = rec {
+      enable = true;
+      realm = cfg.matrixDomain;
+      use-auth-secret = true;
+      static-auth-secret-file = cfg.turnSecretFile;
+      cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
+      pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
+      listening-ips = [cfg.publicIp];
+      no-tcp-relay = true;
+      relay-ips = [cfg.publicIp];
+      listening-port = 3478;
+      tls-listening-port = 5349;
+      no-cli = true;
+
+      extraConfig = ''
+        verbose
+      '';
+    };
+
+    networking.firewall = {
+      allowedUDPPorts = [ 3478 5349 ];
+      allowedTCPPorts = [ 3478 5349 ];
+      allowedUDPPortRanges = [
+        { from = 49152; to = 65535; }
+      ];
+    };
+
+    services.matrix-synapse.settings = {
+      turn_uris = [
+        "turn:${cfg.matrixDomain}:3478?transport=udp"
+        "turn:${cfg.matrixDomain}:3478?transport=tcp"
+      ];
+    };
+  };
+}