Config coturn

linux/nebula/conduit.nix

@@ -1,24 +1,19 @@
 {config, ...}: {
-  services = with config.constants; {
-    coturn = {
-      enable = true;
-      realm = localhost;
-      static-auth-secret-file = config.sops.secrets.coturn.path;
-      use-auth-secret = true;
-    };
-    matrix-conduit = {
-      enable = true;
-      settings.global = {
-        address = wildcard;
-        port = port.conduit;
-        turn_secret = "TbbL8a4tsv6HkR9esjkPa4$fTKX";
-        turn_uris = [
-          "turn:${localhost}?transport=udp"
-          "turn:${localhost}?transport=tcp"
-        ];
-        server_name = domain;
-      };
+  services.matrix-conduit = with config.constants; {
+    enable = true;
+    settings.global = {
+      address = wildcard;
+      port = port.conduit;
+      # Use secret file when possible
+      turn_secret = "84EoJSEVnlH@eiqqV7K!2vmAr^G";
+      turn_uris = let
+        coturn-realm = "turn.${domain}";
+      in [
+        "turn:${coturn-realm}:${toString port.coturn-tls}?transport=udp"
+        "turn:${coturn-realm}:${toString port.coturn-tls}?transport=tcp"
+      ];
+      turn_user_lifetime = "1h";
+      server_name = domain;
     };
   };
-  sops.secrets.coturn = {};
 }