From 1ef2816a9cbb98b0e798e6e8d1cbe5bf6b9d389f Mon Sep 17 00:00:00 2001
From: Atridad Lahiji <me@atri.dad>
Date: Fri, 13 Feb 2026 10:39:38 -0700
Subject: [PATCH] This time for realzies

---
 modules/matrix.nix |  2 +-
 modules/nginx.nix  | 37 ++++++++++---------------------------
 2 files changed, 11 insertions(+), 28 deletions(-)

diff --git a/modules/matrix.nix b/modules/matrix.nix
index 78bab92..8f02c3d 100644
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -39,7 +39,7 @@ in
           rtc_transports = [
             {
               type = "livekit";
-              livekit_service_url = "https://${matrixRtcDomain}";
+              livekit_service_url = "https://${matrixDomain}/livekit/jwt";
             }
           ];
         };
diff --git a/modules/nginx.nix b/modules/nginx.nix
index 3bf3c7c..1cbb93b 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -16,7 +16,7 @@ let
     "org.matrix.msc4143.rtc_foci" = [
       {
         type = "livekit";
-        livekit_service_url = "https://${matrixRtcDomain}";
+        livekit_service_url = "https://${matrixDomain}/livekit/jwt";
       }
     ];
   };
@@ -389,43 +389,26 @@ in
             client_max_body_size 100M;
           '';
         };
+
+        locations."^~ /livekit/jwt/" = {
+          priority = 400;
+          proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
+        };
       };
 
       "matrixrtc.atri.dad" = {
         enableACME = true;
         forceSSL = true;
 
-        # lk-jwt-service (handles its own CORS)
-        locations."/sfu/get" = {
-          proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}";
-          extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-          '';
-        };
-        locations."/healthz" = {
-          proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}";
-          extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-          '';
-        };
-
         # livekit
         locations."/" = {
           proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}";
           proxyWebsockets = true;
           extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_read_timeout 300;
-            proxy_send_timeout 300;
+            proxy_send_timeout 120;
+            proxy_read_timeout 120;
+            proxy_buffering off;
+            proxy_set_header Accept-Encoding gzip;
           '';
         };
       };