home-server/services/matrix.nix

{ config, continuwuity, ... }:

{
  sops.secrets."coturn/auth_secret_home" = {
    sopsFile = ./secrets/coturn_home.yaml;
    mode = "0400";
    owner = "continuwuity";
    group = "continuwuity";
  };

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8008 ];

  services.matrix-continuwuity = {
    enable = true;
    package = continuwuity.packages.x86_64-linux.default;
    settings.global = {
      server_name = "ellie.town";
      new_user_displayname_suffix = "";
      allow_registration = true;

      address = [ "10.10.0.2" ];
      port = [ 8008 ];

      turn_uris = [
        "turns:turn.ellie.town?transport=udp"
        "turns:turn.ellie.town?transport=tcp"
      ];
      turn_secret_file = config.sops.secrets."coturn/auth_secret_home".path;
      turn_ttl = 86400;

      matrix_rtc.foci = [
        {
          type = "livekit";
          livekit_service_url = "https://lk-jwt.ellie.town";
        }
      ];

      well_known = {
        client = "https://matrix.ellie.town";
        server = "matrix.ellie.town:443";
      };
    };
  };
}