Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert "see if we can set up livekit on the matrix server"

Browse source 
This reverts commit 842ec53f64.
This commit is contained in:
Lillian Violet 2026-03-17 18:33:00 +01:00
parent 0b2356bd94
commit eb63d12582
5 changed files with 11 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

90
nixos/server/package-configs/conduit/default.nix
View file

@ -19,11 +19,6 @@
}
'';
livekit-port = 64485;
livekit-rtc-start = 63400;
livekit-rtc-end = 63600;
livekit-url = "livekit.gladtherescake.eu";
# Build a dervation that stores the content of `${server_name}/.well-known/matrix/client`
well_known_client = pkgs.writeText "well-known-matrix-client" ''
{
@ -33,27 +28,6 @@
}
'';
in {
sops.secrets = {
"livekit-secret" = {
mode = "0440";
owner = "nginx";
};
};
services.livekit = {
enable = true;
keyFile = config.sops.secrets."livekit-secret".path;
openFirewall = true;
redis.port = 64484;
settings = {
port = livekit-port;
rtc = {
port_range_start = livekit-rtc-start;
port_range_end = livekit-rtc-end;
use_external_ip = true;
};
};
};
# Configure continuwuity itself
services.matrix-continuwuity = {
enable = true;
@ -63,12 +37,7 @@ in {
allow_registration = false;
# emergency_password = "testpassword";
turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
matrix_rtc = {
foci = [
''{type = "livekit", livekit_service_url = "https://${livekit-url}"},''
];
};
turn-secret-file = config.sops.secrets."coturn-auth-secret".path;
turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
well_known = {
server = "matrix.gladtherescake.eu:443";
client = "https://matrix.gladtherescake.eu";
@ -94,59 +63,6 @@ in {
enable = true;
virtualHosts = {
"${livekit-url}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::]";
port = 8448;
ssl = true;
}
];
locations."~ ^/(sfu/get|healthz|get_token)" = {
proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_buffering off;
'';
};
# for livekit
locations."/" = {
proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri;";
extraConfig = ''
X-Forwarded-For $remote_addr;"
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_buffering off;
# websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
"${server_name}" = {
forceSSL = true;
enableACME = true;
@ -164,12 +80,12 @@ in {
}
{
addr = "0.0.0.0";
port = livekit-port;
port = 8448;
ssl = true;
}
{
addr = "[::]";
port = livekit-port;
port = 8448;
ssl = true;
}
];