{config, ...}: {
  services = with config.constants; {
    coturn = {
      enable = true;
      realm = localhost;
      static-auth-secret-file = config.sops.secrets.coturn.path;
      use-auth-secret = true;
    };
    matrix-conduit = {
      enable = true;
      settings.global = {
        address = wildcard;
        port = port.conduit;
        turn_secret = "TbbL8a4tsv6HkR9esjkPa4$fTKX";
        turn_uris = [
          "turn:${localhost}?transport=udp"
          "turn:${localhost}?transport=tcp"
        ];
        server_name = domain;
      };
    };
  };
  sops.secrets.coturn = {};
}