From 5455618ee2d9735f658b1c0c217ca65b5b5c2daf Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 17 Mar 2026 17:37:38 +0100
Subject: [PATCH 1/7] try and do these settings differently
---
 nixos/server/package-configs/conduit/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix
index d2a42ee..3a14dd9 100644
--- a/nixos/server/package-configs/conduit/default.nix
+++ b/nixos/server/package-configs/conduit/default.nix
@@ -65,7 +65,10 @@ in {
 turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
 matrix_rtc = {
 foci = [
- ''{type = "livekit", livekit_service_url = "https://${livekit-url}"},''
+ {
+ type = "livekit";
+ livekit_service_url = "https://${livekit-url}";
+ }
 ];
 };
 turn-secret-file = config.sops.secrets."coturn-auth-secret".path;
From d91fe220304f717df6f7edc35e4ddca0b81893c1 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 17 Mar 2026 18:32:04 +0100
Subject: [PATCH 2/7] Revert "try and do these settings differently"
This reverts commit 5455618ee2d9735f658b1c0c217ca65b5b5c2daf.
---
 nixos/server/package-configs/conduit/default.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix
index 3a14dd9..d2a42ee 100644
--- a/nixos/server/package-configs/conduit/default.nix
+++ b/nixos/server/package-configs/conduit/default.nix
@@ -65,10 +65,7 @@ in {
 turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
 matrix_rtc = {
 foci = [
- {
- type = "livekit";
- livekit_service_url = "https://${livekit-url}";
- }
+ ''{type = "livekit", livekit_service_url = "https://${livekit-url}"},''
 ];
 };
 turn-secret-file = config.sops.secrets."coturn-auth-secret".path;
From 375c30e624684b36af695bd6cc45592e866aa114 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 17 Mar 2026 18:32:17 +0100
Subject: [PATCH 3/7] Revert "forgot one http_host"
This reverts commit 7b773cbcd7e927a428b209a1c38a28323a11f5ff.
---
 nixos/server/package-configs/conduit/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix
index d2a42ee..ab304a5 100644
--- a/nixos/server/package-configs/conduit/default.nix
+++ b/nixos/server/package-configs/conduit/default.nix
@@ -126,7 +126,7 @@ in {
 extraConfig = ''
 proxy_set_header X-Forwarded-For $remote_addr;
 proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
+ proxy_set_header Host $http_host;
 proxy_buffering off;
 '';
 };
From 76b9b5b29d103c6f81b9650ba9b5a17968d6c802 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 17 Mar 2026 18:32:26 +0100
Subject: [PATCH 4/7] Revert "it's telling me to replace this with host in nginx files, see if that fixes it"
This reverts commit b1554aa23ea5ab85297abf301ffb3171a9013b52.
---
 nixos/server/package-configs/conduit/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix
index ab304a5..7a729f3 100644
--- a/nixos/server/package-configs/conduit/default.nix
+++ b/nixos/server/package-configs/conduit/default.nix
@@ -137,7 +137,7 @@ in {
 extraConfig = ''
 X-Forwarded-For $remote_addr;"
 proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $host;
+ proxy_set_header Host $http_host;
 proxy_buffering off;
 # websocket
From 0b2356bd940a8061daa4c3a8d4862f2fa22d47cb Mon Sep 17 00:00:00 2001
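Review bot: `proxy_set_header Host $http_host;` in this extraConfig forwards the client's raw Host header, port included, to the backend, and sends an empty value when a request carries no Host header; `$host` is nginx's normalised name and falls back to the matched server name. The revert in PATCH 4/7 restores the same line in the second location block. If the upstream really needs the port, `proxy_set_header Host $host:$server_port;` keeps it without trusting the client-supplied value. The enclosing location block starts and ends outside the hunk.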
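Review bot: The context line `X-Forwarded-For $remote_addr;"` in the PATCH 4/7 hunk is not a valid nginx directive: the `proxy_set_header` keyword is missing and a stray `"` follows the semicolon, so nginx would be expected to reject the generated configuration whichever Host variable is used. It should read `proxy_set_header X-Forwarded-For $remote_addr;`. The line is left unchanged by this revert, and the extraConfig string continues past `# websocket` outside the hunk.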
From: Lillian-Violet
Date: Tue, 17 Mar 2026 18:32:47 +0100
Subject: [PATCH 5/7] Revert "fix server ports for nginx"
This reverts commit 5855d6242d13ce8f3ee37fe58c6218a5c1cffa48.
---
 nixos/server/package-configs/conduit/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix
index 7a729f3..b4e36cb 100644
--- a/nixos/server/package-configs/conduit/default.nix
+++ b/nixos/server/package-configs/conduit/default.nix
@@ -111,12 +111,12 @@ in {
 }
 {
 addr = "0.0.0.0";
- port = livekit-port;
+ port = 8448;
 ssl = true;
 }
 {
 addr = "[::]";
- port = livekit-port;
+ port = 8448;
 ssl = true;
 }
 ];
@@ -164,12 +164,12 @@ in {
 }
 {
 addr = "0.0.0.0";
- port = 8448;
+ port = livekit-port;
 ssl = true;
 }
 {
 addr = "[::]";
- port = 8448;
+ port = livekit-port;
 ssl = true;
 }
 ];
From eb63d125821c7834830da7f8efd6c9585410c412 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 17 Mar 2026 18:33:00 +0100
Subject: [PATCH 6/7] Revert "see if we can set up livekit on the matrix server"
This reverts commit 842ec53f64c8e703b3f77d15441ae54d51a4a687.
---
 justfile | 2 +-
 nixos/hosts/queen/secrets/sops.yaml | 7 +-
 .../package-configs/conduit/default.nix | 90 +------------------
 .../package-configs/nextcloud/default.nix | 14 +--
 test.sh | 1 -
 5 files changed, 11 insertions(+), 103 deletions(-)
 delete mode 100755 test.sh
diff --git a/justfile b/justfile
index b42fbed..44b9a63 100644
--- a/justfile
+++ b/justfile
@@ -42,5 +42,5 @@ setup:
 push:
 git pull
 git add *
- read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message && echo "$message" > .commit-message && git commit -m "$message" && rm -f .commit-message
+ read -p "Commit message: " -r message && git commit -m "$message"
 git push
diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml
index 28fc80b..c0edc61 100644
--- a/nixos/hosts/queen/secrets/sops.yaml
+++ b/nixos/hosts/queen/secrets/sops.yaml @@ -16,7 +16,6 @@ writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] ssh-private-key: ENC[AES256_GCM,data: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,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] mollysocket-vapid-key: ENC[AES256_GCM,data:8N2hxY6WN6mCcjMIFsw/Vt1RoGvUbYxkVPOOn4WRjXZtEEkkVCIaNevozF4xCnBUEWIukNg8lZk8ake/pHAq,iv:+NHm3hSotcRPRjrwEe9xKnEeYbnUZqJEB1sd5B+tWIE=,tag:Pd2pnJqj771XqdqBREGzJQ==,type:str] -livekit-secret: ENC[AES256_GCM,data:fsYuxQ00Ikp18NyyxZoOGqBrz+vBbEVoYfWUKN57jRveYDpPIV53VoYypQCp54oKsn3AN6A4cMZFQCJqOEsvhnniB+K3,iv:pvXqP8OTKFVUhebUWq2m8tBqvvI2FrXe+mDQYiq/gvQ=,tag:bLA1s922qEMVju5LxlGzJA==,type:str] sops: age: - recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz @@ -28,7 +27,7 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-17T15:28:18Z" - mac: ENC[AES256_GCM,data:/ziw/6iAMzPjtwP19IEZuEumQ6qQxE0pr6qhtRxccAzqsQjcZnsHVjrz5wCVlt1TVBsbFnveAY+MbO7pj2Vah0rka5DNs1mV+xfo+POuArboFOsyOOtw1wNXSlRhW/jMhjq7/MMBmPgMlWoals1r7X+wZzGHvBMKMOECfd4B4dY=,iv:KQUC8AfEn0TQxKZ9+PrD/bSaOz0HjifvluDQFwXcGIk=,tag:n788ZvgcnvU63ue3TOYWAw==,type:str] + lastmodified: "2025-08-04T13:04:56Z" + mac: ENC[AES256_GCM,data:ppQgyWY/4Kr8/Ag5x7wBv1RZAxky6Itf4sBBRIzJj8njzSDOPm0blcDHjIGesu9PwmjnnJihZivmWXj43pAjxf6p4FmtlBAIqLUjRIV7fR16VINo7dPx4Pv6+sw1uwFvLliD/FfKwYo2S+Lx0eQnOzW1p7RROpbQJQ8k7AUngKE=,iv:Pk8sPdAMzITgeeaoZHJc77ywp47DuB5A1Lx5pjtHXM0=,tag:JkMDnjYMPTFkyOiikA7ejA==,type:str] unencrypted_suffix: _unencrypted - version: 3.12.1 + version: 3.10.2 
diff --git a/nixos/server/package-configs/conduit/default.nix b/nixos/server/package-configs/conduit/default.nix index b4e36cb..09268ee 100644 --- a/nixos/server/package-configs/conduit/default.nix +++ b/nixos/server/package-configs/conduit/default.nix @@ -19,11 +19,6 @@ } ''; - livekit-port = 64485; - livekit-rtc-start = 63400; - livekit-rtc-end = 63600; - livekit-url = "livekit.gladtherescake.eu"; - # Build a dervation that stores the content of `${server_name}/.well-known/matrix/client` well_known_client = pkgs.writeText "well-known-matrix-client" '' { @@ -33,27 +28,6 @@ } ''; in { - sops.secrets = { - "livekit-secret" = { - mode = "0440"; - owner = "nginx"; - }; - }; - - services.livekit = { - enable = true; - keyFile = config.sops.secrets."livekit-secret".path; - openFirewall = true; - redis.port = 64484; - settings = { - port = livekit-port; - rtc = { - port_range_start = livekit-rtc-start; - port_range_end = livekit-rtc-end; - use_external_ip = true; - }; - }; - }; # Configure continuwuity itself services.matrix-continuwuity = { enable = true; @@ -63,12 +37,7 @@ in { allow_registration = false; # emergency_password = "testpassword"; turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"]; - matrix_rtc = { - foci = [ - ''{type = "livekit", livekit_service_url = "https://${livekit-url}"},'' - ]; - }; - turn-secret-file = config.sops.secrets."coturn-auth-secret".path; + turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT"; well_known = { server = "matrix.gladtherescake.eu:443"; client = "https://matrix.gladtherescake.eu"; 
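Review bot: The added `turn_secret` line in the `@@ -63,12 +37,7 @@` hunk puts the TURN shared secret into the repository as a plaintext literal, and as a `settings` value it would presumably also be rendered into the generated configuration in the world-readable Nix store. The line it replaces, `turn-secret-file = config.sops.secrets."coturn-auth-secret".path;`, kept the value in sops; the neighbouring settings use underscores, so if the hyphenated key was what failed, `turn_secret_file = config.sops.secrets."coturn-auth-secret".path;` is worth trying (confirm the option name against the continuwuity documentation). Because the literal is now in git history, the coturn secret should be rotated once the file-based setting works. The context line `turn:turn.gladtherescake.eu.url?transport=udp` also appears to carry a stray `.url` in the host name.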
@@ -94,59 +63,6 @@ in {
 enable = true;
 virtualHosts = {
- "${livekit-url}" = {
- forceSSL = true;
- enableACME = true;
-
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8448;
- ssl = true;
- }
- ];
-
- locations."~ ^/(sfu/get|healthz|get_token)" = {
- proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $http_host;
- proxy_buffering off;
- '';
- };
-
- # for livekit
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString livekit-port}$request_uri;";
- extraConfig = ''
- X-Forwarded-For $remote_addr;"
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Host $http_host;
- proxy_buffering off;
-
- # websocket
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- '';
- };
- };
 "${server_name}" = {
 forceSSL = true;
 enableACME = true;
@@ -164,12 +80,12 @@ in {
 }
 {
 addr = "0.0.0.0";
- port = livekit-port;
+ port = 8448;
 ssl = true;
 }
 {
 addr = "[::]";
- port = livekit-port;
+ port = 8448;
 ssl = true;
 }
 ];
diff --git a/nixos/server/package-configs/nextcloud/default.nix b/nixos/server/package-configs/nextcloud/default.nix
index b6fd5e6..8afd0e5 100644
--- a/nixos/server/package-configs/nextcloud/default.nix
+++ b/nixos/server/package-configs/nextcloud/default.nix
@@ -3,16 +3,10 @@
 pkgs,
 ...
 }: {
- sops.secrets = {
- "nextcloudadmin" = {
- mode = "0440";
- owner = config.users.users.nextcloud.name;
- };
- "nextclouddb" = {
- mode = "0440";
- owner = config.users.users.nextcloud.name;
- };
- };
+ sops.secrets."nextcloudadmin".mode = "0440";
+ sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
+ sops.secrets."nextclouddb".mode = "0440";
+ sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
 # sops.secrets."local.json".mode = "0440";
 # sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
diff --git a/test.sh b/test.sh
deleted file mode 100755
index 8b62478..0000000
--- a/test.sh
+++ /dev/null
@@ -1 +0,0 @@
-read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message
From b6eb9b59185ba84374c900ae084720cdbc42bfe6 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Tue, 17 Mar 2026 18:35:33 +0100
Subject: [PATCH 7/7] add function for just push to retain message if the test fails
---
 justfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/justfile b/justfile
index 44b9a63..b42fbed 100644
--- a/justfile
+++ b/justfile
@@ -42,5 +42,5 @@ setup:
 push:
 git pull
 git add *
- read -p "Commit message: " -r message && git commit -m "$message"
+ read -e -p "Commit message: " -i "$(cat .commit-message || echo '')" -r message && echo "$message" > .commit-message && git commit -m "$message" && rm -f .commit-message
 git push
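Review bot: The new `push` line in PATCH 7/7 depends on `read -e` and `read -i`, which are bash extensions, while just runs recipe lines with `sh` unless the justfile selects another shell; any `set shell` line is outside the hunk, so this needs confirming. `echo "$message" > .commit-message` can alter a message that begins with `-n` or contains backslashes, and `cat .commit-message` prints an error on the first run; `printf '%s\n' "$message" > .commit-message` and `cat .commit-message 2>/dev/null` avoid both. `.commit-message` should also be listed in `.gitignore` so a draft left behind by a failed commit is never staged by a later `git add`.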