Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert "see if we can set up livekit on the matrix server"

Browse source 
This reverts commit 842ec53f64.
This commit is contained in:
Lillian Violet 2026-03-17 18:33:00 +01:00
parent 0b2356bd94
commit eb63d12582
5 changed files with 11 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

2
justfile
View file

@ -42,5 +42,5 @@ setup:
push: push:
git pull git pull
git add * git add *
read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message && echo "$message" > .commit-message && git commit -m "$message" && rm -f .commit-message read -p "Commit message: " -r message && git commit -m "$message"
git push git push

7
nixos/hosts/queen/secrets/sops.yaml
View file

@ -16,7 +16,6 @@ writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str] mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str]
livekit-secret: ENC[AES256_GCM,data:fsYuxQ00Ikp18NyyxZoOGqBrz+vBbEVoYfWUKN57jRveYDpPIV53VoYypQCp54oKsn3AN6A4cMZFQCJqOEsvhnniB+K3,iv:pvXqP8OTKFVUhebUWq2m8tBqvvI2FrXe+mDQYiq/gvQ=,tag:bLA1s922qEMVju5LxlGzJA==,type:str]
sops: sops:
age: age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
@ -28,7 +27,7 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-17T15:28:18Z" lastmodified: "2025-08-04T13:04:56Z"
mac: ENC[AES256_GCM,data:/ziw/6iAMzPjtwP19IEZuEumQ6qQxE0pr6qhtRxccAzqsQjcZnsHVjrz5wCVlt1TVBsbFnveAY+MbO7pj2Vah0rka5DNs1mV+xfo+POuArboFOsyOOtw1wNXSlRhW/jMhjq7/MMBmPgMlWoals1r7X+wZzGHvBMKMOECfd4B4dY=,iv:KQUC8AfEn0TQxKZ9+PrD/bSaOz0HjifvluDQFwXcGIk=,tag:n788ZvgcnvU63ue3TOYWAw==,type:str] mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.10.2

90
nixos/server/package-configs/conduit/default.nix
View file

@ -19,11 +19,6 @@
} }
''; '';
livekit-port = 64485;
livekit-rtc-start = 63400;
livekit-rtc-end = 63600;
livekit-url = "livekit.gladtherescake.eu";
# Build a dervation that stores the content of `${server_name}/.well-known/matrix/client` # Build a dervation that stores the content of `${server_name}/.well-known/matrix/client`
well_known_client = pkgs.writeText "well-known-matrix-client" '' well_known_client = pkgs.writeText "well-known-matrix-client" ''
{ {
@ -33,27 +28,6 @@
} }
''; '';
in { in {
sops.secrets = {
"livekit-secret" = {
mode = "0440";
owner = "nginx";
};
};
services.livekit = {
enable = true;
keyFile = config.sops.secrets."livekit-secret".path;
openFirewall = true;
redis.port = 64484;
settings = {
port = livekit-port;
rtc = {
port_range_start = livekit-rtc-start;
port_range_end = livekit-rtc-end;
use_external_ip = true;
};
};
};
# Configure continuwuity itself # Configure continuwuity itself
services.matrix-continuwuity = { services.matrix-continuwuity = {
enable = true; enable = true;
@ -63,12 +37,7 @@ in {
allow_registration = false; allow_registration = false;
# emergency_password = "testpassword"; # emergency_password = "testpassword";
turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"]; turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
matrix_rtc = { turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
foci = [
''{type = "livekit", livekit_service_url = "https://${livekit-url}"},''
];
};
turn-secret-file = config.sops.secrets."coturn-auth-secret".path;
well_known = { well_known = {
server = "matrix.gladtherescake.eu:443"; server = "matrix.gladtherescake.eu:443";
client = "https://matrix.gladtherescake.eu"; client = "https://matrix.gladtherescake.eu";
@ -94,59 +63,6 @@ in {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"${livekit-url}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::]";
port = 8448;
ssl = true;
}
];
locations."~ ^/(sfu/get|healthz|get_token)" = {
proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_buffering off;
'';
};
# for livekit
locations."/" = {
proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri;";
extraConfig = ''
X-Forwarded-For $remote_addr;"
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_buffering off;
# websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
"${server_name}" = { "${server_name}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -164,12 +80,12 @@ in {
} }
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
port = livekit-port; port = 8448;
ssl = true; ssl = true;
} }
{ {
addr = "[::]"; addr = "[::]";
port = livekit-port; port = 8448;
ssl = true; ssl = true;
} }
]; ];

14
nixos/server/package-configs/nextcloud/default.nix
View file

@ -3,16 +3,10 @@
pkgs, pkgs,
... ...
}: { }: {
sops.secrets = { sops.secrets."nextcloudadmin".mode = "0440";
"nextcloudadmin" = { sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
mode = "0440"; sops.secrets."nextclouddb".mode = "0440";
owner = config.users.users.nextcloud.name; sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
};
"nextclouddb" = {
mode = "0440";
owner = config.users.users.nextcloud.name;
};
};
# sops.secrets."local.json".mode = "0440"; # sops.secrets."local.json".mode = "0440";
# sops.secrets."local.json".owner = config.users.users.onlyoffice.name; # sops.secrets."local.json".owner = config.users.users.onlyoffice.name;

1
test.sh
View file

@ -1 +0,0 @@
read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message