From eb63d125821c7834830da7f8efd6c9585410c412 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Tue, 17 Mar 2026 18:33:00 +0100 Subject: [PATCH] Revert "see if we can set up livekit on the matrix server" This reverts commit 842ec53f64c8e703b3f77d15441ae54d51a4a687. --- justfile | 2 +- nixos/hosts/queen/secrets/sops.yaml | 7 +- .../package-configs/conduit/default.nix | 90 +------------------ .../package-configs/nextcloud/default.nix | 14 +-- test.sh | 1 - 5 files changed, 11 insertions(+), 103 deletions(-) delete mode 100755 test.sh diff --git a/justfile b/justfile index b42fbed..44b9a63 100644 --- a/justfile +++ b/justfile @@ -42,5 +42,5 @@ setup: push: git pull git add * - read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message && echo "$message" > .commit-message && git commit -m "$message" && rm -f .commit-message + read -p "Commit message: " -r message && git commit -m "$message" git push diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index 28fc80b..c0edc61 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -16,7 +16,6 @@ writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str] -livekit-secret: ENC[AES256_GCM,data:fsYuxQ00Ikp18NyyxZoOGqBrz+vBbEVoYfWUKN57jRveYDpPIV53VoYypQCp54oKsn3AN6A4cMZFQCJqOEsvhnniB+K3,iv:pvXqP8OTKFVUhebUWq2m8tBqvvI2FrXe+mDQYiq/gvQ=,tag:bLA1s922qEMVju5LxlGzJA==,type:str] sops: age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz @@ -28,7 +27,7 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-17T15:28:18Z" - mac: ENC[AES256_GCM,data:/ziw/6iAMzPjtwP19IEZuEumQ6qQxE0pr6qhtRxccAzqsQjcZnsHVjrz5wCVlt1TVBsbFnveAY+MbO7pj2Vah0rka5DNs1mV+xfo+POuArboFOsyOOtw1wNXSlRhW/jMhjq7/MMBmPgMlWoals1r7X+wZzGHvBMKMOECfd4B4dY=,iv:KQUC8AfEn0TQxKZ9+PrD/bSaOz0HjifvluDQFwXcGIk=,tag:n788ZvgcnvU63ue3TOYWAw==,type:str] + lastmodified: "2025-08-04T13:04:56Z" + mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.10.2 diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix index b4e36cb..09268ee 100644 --- a/nixos/server/package-configs/conduit/default.nix +++ b/nixos/server/package-configs/conduit/default.nix @@ -19,11 +19,6 @@ } ''; - livekit-port = 64485; - livekit-rtc-start = 63400; - livekit-rtc-end = 63600; - livekit-url = "livekit.gladtherescake.eu"; - # Build a dervation that stores the content of `${server_name}/.well-known/matrix/client` well_known_client = pkgs.writeText "well-known-matrix-client" '' { @@ -33,27 +28,6 @@ } ''; in { - sops.secrets = { - "livekit-secret" = { - mode = "0440"; - owner = "nginx"; - }; - }; - - services.livekit = { - enable = true; - keyFile = config.sops.secrets."livekit-secret".path; - openFirewall = true; - redis.port = 64484; - settings = { - port = livekit-port; - rtc = { - port_range_start = livekit-rtc-start; - port_range_end = livekit-rtc-end; - use_external_ip = true; - }; - }; - }; # Configure continuwuity itself services.matrix-continuwuity = { enable = true; @@ -63,12 +37,7 @@ in { allow_registration = false; # emergency_password = "testpassword"; turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"]; - matrix_rtc = { - foci = [ - ''{type = "livekit", livekit_service_url = "https://${livekit-url}"},'' - ]; - }; - turn-secret-file = config.sops.secrets."coturn-auth-secret".path; + turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT"; well_known = { server = "matrix.gladtherescake.eu:443"; client = "https://matrix.gladtherescake.eu"; @@ -94,59 +63,6 @@ in { enable = true; virtualHosts = { - "${livekit-url}" = { - forceSSL = true; - enableACME = true; - - listen = [ - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "[::]"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - { - addr = "[::]"; - port = 8448; - ssl = true; - } - ]; - - locations."~ ^/(sfu/get|healthz|get_token)" = { - proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri"; - extraConfig = '' - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $http_host; - proxy_buffering off; - ''; - }; - - # for livekit - locations."/" = { - proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri;"; - extraConfig = '' - X-Forwarded-For $remote_addr;" - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $http_host; - proxy_buffering off; - - # websocket - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - ''; - }; - }; "${server_name}" = { forceSSL = true; enableACME = true; @@ -164,12 +80,12 @@ in { } { addr = "0.0.0.0"; - port = livekit-port; + port = 8448; ssl = true; } { addr = "[::]"; - port = livekit-port; + port = 8448; ssl = true; } ]; diff --git a/nixos/server/package-configs/nextcloud/default.nix b/nixos/server/package-configs/nextcloud/default.nix index b6fd5e6..8afd0e5 100644 --- a/nixos/server/package-configs/nextcloud/default.nix +++ b/nixos/server/package-configs/nextcloud/default.nix @@ -3,16 +3,10 @@ pkgs, ... }: { - sops.secrets = { - "nextcloudadmin" = { - mode = "0440"; - owner = config.users.users.nextcloud.name; - }; - "nextclouddb" = { - mode = "0440"; - owner = config.users.users.nextcloud.name; - }; - }; + sops.secrets."nextcloudadmin".mode = "0440"; + sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; + sops.secrets."nextclouddb".mode = "0440"; + sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; # sops.secrets."local.json".mode = "0440"; # sops.secrets."local.json".owner = config.users.users.onlyoffice.name; diff --git a/test.sh b/test.sh deleted file mode 100755 index 8b62478..0000000 --- a/test.sh +++ /dev/null @@ -1 +0,0 @@ -read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message