Uncommented

modules/matrix.nix

@@ -47,59 +47,59 @@ in
     };
   };
 
-  # services.livekit = {
-  #   enable = true;
-  #   openFirewall = true;
-  #   settings = {
-  #     port = 7880;
-  #     rtc = {
-  #       port_range_start = 50000;
-  #       port_range_end = 60000;
-  #       tcp_port = 7881;
-  #       use_external_ip = true;
-  #       allow_tcp_fallback = true;
-  #     };
-  #     room.auto_create = true;
-  #     turn = {
-  #       enabled = true;
-  #       domain = matrixRtcDomain;
-  #       tls_port = 5349;
-  #       udp_port = 3478;
-  #       relay_range_start = 50000;
-  #       relay_range_end = 60000;
-  #       cert_file = "/run/credentials/livekit.service/turn-cert";
-  #       key_file = "/run/credentials/livekit.service/turn-key";
-  #     };
-  #   };
-  #   keyFile = livekitKeyFile;
-  # };
+  services.livekit = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      port = 7880;
+      rtc = {
+        port_range_start = 50000;
+        port_range_end = 60000;
+        tcp_port = 7881;
+        use_external_ip = true;
+        allow_tcp_fallback = true;
+      };
+      room.auto_create = true;
+      turn = {
+        enabled = true;
+        domain = matrixRtcDomain;
+        tls_port = 5349;
+        udp_port = 3478;
+        relay_range_start = 50000;
+        relay_range_end = 60000;
+        cert_file = "/run/credentials/livekit.service/turn-cert";
+        key_file = "/run/credentials/livekit.service/turn-key";
+      };
+    };
+    keyFile = livekitKeyFile;
+  };
 
-  # services.lk-jwt-service = {
-  #   enable = true;
-  #   livekitUrl = "wss://${matrixRtcDomain}";
-  #   keyFile = livekitKeyFile;
-  # };
+  services.lk-jwt-service = {
+    enable = true;
+    livekitUrl = "wss://${matrixRtcDomain}";
+    keyFile = livekitKeyFile;
+  };
 
-  # systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName;
+  systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName;
 
-  # systemd.services.livekit.serviceConfig.LoadCredential = [
-  #   "turn-cert:/var/lib/acme/${matrixRtcDomain}/fullchain.pem"
-  #   "turn-key:/var/lib/acme/${matrixRtcDomain}/key.pem"
-  # ];
-  # systemd.services.livekit.after = [ "acme-${matrixRtcDomain}.service" ];
-  # systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ];
+  systemd.services.livekit.serviceConfig.LoadCredential = [
+    "turn-cert:/var/lib/acme/${matrixRtcDomain}/fullchain.pem"
+    "turn-key:/var/lib/acme/${matrixRtcDomain}/key.pem"
+  ];
+  systemd.services.livekit.after = [ "acme-${matrixRtcDomain}.service" ];
+  systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ];
 
-  # systemd.services.livekit-key = {
-  #   before = [ "lk-jwt-service.service" "livekit.service" ];
-  #   wantedBy = [ "multi-user.target" ];
-  #   path = with pkgs; [ livekit coreutils gawk ];
-  #   script = ''
-  #     echo "Key missing, generating key"
-  #     echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}"
-  #   '';
-  #   serviceConfig.Type = "oneshot";
-  #   unitConfig.ConditionPathExists = "!${livekitKeyFile}";
-  # };
+  systemd.services.livekit-key = {
+    before = [ "lk-jwt-service.service" "livekit.service" ];
+    wantedBy = [ "multi-user.target" ];
+    path = with pkgs; [ livekit coreutils gawk ];
+    script = ''
+      echo "Key missing, generating key"
+      echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}"
+    '';
+    serviceConfig.Type = "oneshot";
+    unitConfig.ConditionPathExists = "!${livekitKeyFile}";
+  };
 
   networking.firewall = {
     allowedTCPPorts = [ 7880 7881 5349 ];

modules/nginx.nix

@@ -391,36 +391,36 @@ in
         };
       };
 
-      # "matrixrtc.atri.dad" = {
-      #   enableACME = true;
-      #   forceSSL = true;
+      "matrixrtc.atri.dad" = {
+        enableACME = true;
+        forceSSL = true;
 
-      #   # lk-jwt-service (handles its own CORS)
-      #   locations."~ ^(/sfu/get|/healthz)" = {
-      #     priority = 400;
-      #     proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}";
-      #     extraConfig = ''
-      #       proxy_set_header Host $host;
-      #       proxy_set_header X-Real-IP $remote_addr;
-      #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      #       proxy_set_header X-Forwarded-Proto $scheme;
-      #     '';
-      #   };
+        # lk-jwt-service (handles its own CORS)
+        locations."~ ^(/sfu/get|/healthz)" = {
+          priority = 400;
+          proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}";
+          extraConfig = ''
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+          '';
+        };
 
-      #   # livekit
-      #   locations."/" = {
-      #     proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}";
-      #     proxyWebsockets = true;
-      #     extraConfig = ''
-      #       proxy_set_header Host $host;
-      #       proxy_set_header X-Real-IP $remote_addr;
-      #       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      #       proxy_set_header X-Forwarded-Proto $scheme;
-      #       proxy_read_timeout 300;
-      #       proxy_send_timeout 300;
-      #     '';
-      #   };
-      # };
+        # livekit
+        locations."/" = {
+          proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_read_timeout 300;
+            proxy_send_timeout 300;
+          '';
+        };
+      };
 
       "atash.dev" = {
         enableACME = true;