{ config, continuwuity, ... }:

{
  sops.secrets."coturn/auth_secret_home" = {
    sopsFile = ./secrets/coturn_home.yaml;
    mode = "0400";
    owner = "continuwuity";
    group = "continuwuity";
  };

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8008 ];

  services.matrix-continuwuity = {
    enable = true;
    package = continuwuity.packages.x86_64-linux.default;
    settings.global = {
      server_name = "ellie.town";
      new_user_displayname_suffix = "";
      allow_registration = true;

      address = [ "10.10.0.2" ];
      port = [ 8008 ];

      turn_uris = [ "turns:turn.ellie.town" ];
      turn_secret_file = config.sops.secrets."coturn/auth_secret_home".path;

      well_known = {
        client = "https://matrix.ellie.town";
        server = "matrix.ellie.town:443";
      };
    };
  };
}