author | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-03-11 12:37:57 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-03-11 12:37:57 +0100 |
commit | d56f895a1c0e98b76f80652d85fcec51ef42f775 (patch) | |
tree | 73b5df9ab84c058ad6908313ab2cf3ced5f8dbac | |
parent | 6b8a94ba2efc85970e66ad2a863f8240cddfde70 (diff) | |
integrate turn in matrix
-rw-r--r-- | cluster/prod/app/matrix/config/coturn/turnserver.conf.tpl | 19 | ||||
-rw-r--r-- | cluster/prod/app/matrix/config/synapse/homeserver.yaml | 4 |
2 files changed, 2 insertions, 21 deletions
diff --git a/cluster/prod/app/matrix/config/coturn/turnserver.conf.tpl b/cluster/prod/app/matrix/config/coturn/turnserver.conf.tpl
deleted file mode 100644
index f867ac0..0000000
--- a/cluster/prod/app/matrix/config/coturn/turnserver.conf.tpl
+++ /dev/null
@@ -1,19 +0,0 @@
-use-auth-secret
-static-auth-secret={{ key "secrets/chat/coturn/static-auth" | trimSpace }}
-realm=turn.deuxfleurs.fr
-
-# VoIP traffic is all UDP. There is no reason to let users connect to arbitrary TCP endpoints via the relay.
-#no-tcp-relay
-
-# don't let the relay ever try to connect to private IP address ranges within your network (if any)
-# given the turn server is likely behind your firewall, remember to include any privileged public IPs too.
-#denied-peer-ip=10.0.0.0-10.255.255.255
-#denied-peer-ip=192.168.0.0-192.168.255.255
-#denied-peer-ip=172.16.0.0-172.31.255.255
-
-# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
-user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
-total-quota=1200
-
-min-port=49152
-max-port=49252
diff --git a/cluster/prod/app/matrix/config/synapse/homeserver.yaml b/cluster/prod/app/matrix/config/synapse/homeserver.yaml
index 48ae431..78eb913 100644
--- a/cluster/prod/app/matrix/config/synapse/homeserver.yaml
+++ b/cluster/prod/app/matrix/config/synapse/homeserver.yaml
@@ -256,10 +256,10 @@ recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
 ## Turn ##
 # The public URIs of the TURN server to give to clients
-#turn_uris: [ "turn:turn.deuxfleurs.fr:3478?transport=udp", "turn:turn.deuxfleurs.fr:3478?transport=tcp" ]
+turn_uris: [ "turn:turn.deuxfleurs.fr:3478?transport=udp", "turn:turn.deuxfleurs.fr:3478?transport=tcp" ]
 # The shared secret used to compute passwords for the TURN server
-#turn_shared_secret: 'change me'
+turn_shared_secret: '{{ key "secrets/coturn/static-auth-secret" | trimSpace }}'
 # How long generated TURN credentials last
 turn_user_lifetime: "1h" |
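Review bot: The new `turn_shared_secret` line reads the Consul key `secrets/coturn/static-auth-secret`, while the coturn template deleted in this same commit read `secrets/chat/coturn/static-auth`. The replacement TURN server configuration is not visible here, so it is worth confirming that it reads exactly this key; otherwise every credential Synapse issues will be rejected by the relay. The value is also spliced between single quotes, so a secret containing `'` would break or alter the rendered YAML. Assuming this file is rendered by consul-template, `turn_shared_secret: {{ key "secrets/coturn/static-auth-secret" | trimSpace | toJSON }}` emits a correctly escaped scalar. With `turn_uris` now enabled, a comment saying where the relay's peer restrictions are configured (the deleted file carried the `denied-peer-ip` ranges only as commented-out examples) would help, since `turn_allow_guests` is outside this hunk and Synapse enables it by default.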