From 8bbc0eda8febbb7bfe441cf7eb48f00c71c19abc Mon Sep 17 00:00:00 2001
From: George
Date: Sat, 6 Dec 2025 00:35:48 +0300
Subject: [PATCH] fix: matrix works with self-hosted element
---
 nixos/system/bfs/voice-tune.nix | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/nixos/system/bfs/voice-tune.nix b/nixos/system/bfs/voice-tune.nix
index d942b24..32e936a 100644
--- a/nixos/system/bfs/voice-tune.nix
+++ b/nixos/system/bfs/voice-tune.nix
@@ -1,14 +1,25 @@
 { lib, config, ... }: let
 cfg = config.currentServer.matrix;
+ shared_secret = "secret";
 in {
 config = {
- services.coturn = {
+ services.coturn = rec {
 enable = true;
 realm = cfg.matrixDomain;
-
+ use-auth-secret = true;
+ static-auth-secret = shared_secret;
+ cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
+ pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
+ listening-ips = ["188.137.254.58"];
+ no-tcp-relay = true;
+ relay-ips = ["188.137.254.58"];
 listening-port = 3478;
 tls-listening-port = 5349;
 no-cli = true;
+
+ extraConfig = ''
+ verbose
+ '';
 };

 networking.firewall = {
@@ -17,17 +28,14 @@ in {
 allowedUDPPortRanges = [
 { from = 49152; to = 65535; }
 ];
- allowedTCPPortRanges = [
- { from = 50000; to = 51000; }
- ];
 };

 services.matrix-synapse.settings = {
 turn_uris = [
 "turn:${cfg.matrixDomain}:3478?transport=udp"
- "turns:${cfg.matrixDomain}:5349?transport=tcp"
+ "turn:${cfg.matrixDomain}:3478?transport=tcp"
 ];
- turn_shared_secret = "secret";
+ turn_shared_secret = shared_secret;
 };
 };
 }
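Review bot: In the first hunk, `shared_secret = "secret";` hard-codes a guessable TURN secret in the module, and as a Nix string it is also rendered into the generated coturn and Synapse configuration, which on NixOS normally sits in the world-readable store. With `use-auth-secret = true` this value is all that gates the relay, so anyone who knows it can derive valid TURN credentials. Read it from a file outside the store instead: `static-auth-secret-file = "/run/secrets/turn-shared-secret";` (placeholder path) for coturn, and supply `turn_shared_secret` through `services.matrix-synapse.extraConfigFiles`; this also covers `turn_shared_secret = shared_secret;` in the second hunk, and the committed value should be rotated. Separately, the new `extraConfig` only sets `verbose`; adding `denied-peer-ip=` ranges for loopback and private networks there would keep the relay from being pointed at internal hosts.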
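Review bot: In the second hunk, replacing `"turns:${cfg.matrixDomain}:5349?transport=tcp"` with the plain `turn:` URI on 3478 means clients are no longer offered a TLS-protected TURN endpoint, even though the first hunk adds `cert`/`pkey` and keeps `tls-listening-port = 5349`. If the TLS listener works, keep it advertised as an extra entry, `"turns:${cfg.matrixDomain}:5349?transport=tcp"`, next to the two `turn:` URIs; if it does not, that presumably points at the certificate setup (for instance whether the coturn user can read the ACME key), which is not visible here. The hunk also drops `allowedTCPPortRanges`, which fits `no-tcp-relay = true`, but the lines that open 3478/5349 themselves lie between the two hunks and should be checked to cover TCP as well as UDP.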