cert and cors

2026-02-13 00:25:20 -07:00
parent 3ea2e7eaaa
commit 14d9c8bec6
2 changed files with 14 additions and 3 deletions


@@ -65,8 +65,8 @@ in
domain = matrixRtcDomain; domain = matrixRtcDomain;
tls_port = 5349; tls_port = 5349;
udp_port = 3478; udp_port = 3478;
cert_file = "/var/lib/acme/${matrixRtcDomain}/fullchain.pem"; cert_file = "/run/credentials/livekit.service/turn-cert";
key_file = "/var/lib/acme/${matrixRtcDomain}/key.pem"; key_file = "/run/credentials/livekit.service/turn-key";
}; };
}; };
keyFile = livekitKeyFile; keyFile = livekitKeyFile;
@@ -80,7 +80,10 @@ in
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName; systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName;
systemd.services.livekit.serviceConfig.SupplementaryGroups = [ "acme" ]; systemd.services.livekit.serviceConfig.LoadCredential = [
"turn-cert:/var/lib/acme/${matrixRtcDomain}/fullchain.pem"
"turn-key:/var/lib/acme/${matrixRtcDomain}/key.pem"
];
systemd.services.livekit.after = [ "acme-${matrixRtcDomain}.service" ]; systemd.services.livekit.after = [ "acme-${matrixRtcDomain}.service" ];
systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ]; systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ];
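Review bot: `LoadCredential` copies the certificate and key into `/run/credentials/livekit.service/` only when the unit starts, so after an ACME renewal the TURN listener keeps serving the old certificate until livekit is restarted, and nothing in this hunk triggers that restart. If it is not already configured elsewhere in the file, add `security.acme.certs.${matrixRtcDomain}.reloadServices = [ "livekit.service" ];` next to the `after`/`requires` lines, and confirm it results in a restart rather than a reload, since a reload does not refresh credentials. Dropping `SupplementaryGroups = [ "acme" ]` is a sound least-privilege step: the service process no longer gets group read access to the ACME state directory and sees only the two files it needs.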


@@ -402,6 +402,14 @@ in
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type" always;
if ($request_method = OPTIONS) {
return 204;
}
''; '';
}; };
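Review bot: The three `add_header` lines added here replace, rather than extend, any `add_header` set at the enclosing server or http level, because nginx inherits those directives only when the current level defines none; if this virtual host relies on inherited headers such as HSTS, they stop being sent for this location and need repeating here. `Access-Control-Allow-Origin "*"` together with `Authorization` in the allowed headers lets a page on any origin call this endpoint with a token it holds, so pin the origin if the set of client origins is known. If the proxied service already emits its own CORS headers, the response will carry two `Access-Control-Allow-Origin` values, which browsers reject; `proxy_hide_header Access-Control-Allow-Origin;` ahead of the `add_header` lines would avoid that. The enclosing location block starts outside the hunk, so which upstream this applies to is not visible.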