From 410ab37a91c69d2cb07b5cb53ce819edc77ed74b Mon Sep 17 00:00:00 2001
From: Atridad Lahiji
Date: Fri, 13 Feb 2026 10:21:31 -0700
Subject: [PATCH] Uncommented
---
modules/matrix.nix | 98 +++++++++++++++++++++++-----------------------
modules/nginx.nix | 56 +++++++++++++-------------
2 files changed, 77 insertions(+), 77 deletions(-)
diff --git a/modules/matrix.nix b/modules/matrix.nix
index effadcd..78bab92 100644
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -47,59 +47,59 @@ in }; }; - # services.livekit = { - # enable = true; - # openFirewall = true; - # settings = { - # port = 7880; - # rtc = { - # port_range_start = 50000; - # port_range_end = 60000; - # tcp_port = 7881; - # use_external_ip = true; - # allow_tcp_fallback = true; - # }; - # room.auto_create = true; - # turn = { - # enabled = true; - # domain = matrixRtcDomain; - # tls_port = 5349; - # udp_port = 3478; - # relay_range_start = 50000; - # relay_range_end = 60000; - # cert_file = "/run/credentials/livekit.service/turn-cert"; - # key_file = "/run/credentials/livekit.service/turn-key"; - # }; - # }; - # keyFile = livekitKeyFile; - # }; + services.livekit = { + enable = true; + openFirewall = true; + settings = { + port = 7880; + rtc = { + port_range_start = 50000; + port_range_end = 60000; + tcp_port = 7881; + use_external_ip = true; + allow_tcp_fallback = true; + }; + room.auto_create = true; + turn = { + enabled = true; + domain = matrixRtcDomain; + tls_port = 5349; + udp_port = 3478; + relay_range_start = 50000; + relay_range_end = 60000; + cert_file = "/run/credentials/livekit.service/turn-cert"; + key_file = "/run/credentials/livekit.service/turn-key"; + }; + }; + keyFile = livekitKeyFile; + }; - # services.lk-jwt-service = { - # enable = true; - # livekitUrl = "wss://${matrixRtcDomain}"; - # keyFile = livekitKeyFile; - # }; + services.lk-jwt-service = { + enable = true; + livekitUrl = "wss://${matrixRtcDomain}"; + keyFile = livekitKeyFile; + }; - # systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName; + systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName; - # systemd.services.livekit.serviceConfig.LoadCredential = [ - # "turn-cert:/var/lib/acme/${matrixRtcDomain}/fullchain.pem" - # "turn-key:/var/lib/acme/${matrixRtcDomain}/key.pem" - # ]; - # systemd.services.livekit.after = [ "acme-${matrixRtcDomain}.service" ]; - # systemd.services.livekit.requires = [ 
"acme-${matrixRtcDomain}.service" ]; + systemd.services.livekit.serviceConfig.LoadCredential = [ + "turn-cert:/var/lib/acme/${matrixRtcDomain}/fullchain.pem" + "turn-key:/var/lib/acme/${matrixRtcDomain}/key.pem" + ]; + systemd.services.livekit.after = [ "acme-${matrixRtcDomain}.service" ]; + systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ]; - # systemd.services.livekit-key = { - # before = [ "lk-jwt-service.service" "livekit.service" ]; - # wantedBy = [ "multi-user.target" ]; - # path = with pkgs; [ livekit coreutils gawk ]; - # script = '' - # echo "Key missing, generating key" - # echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}" - # ''; - # serviceConfig.Type = "oneshot"; - # unitConfig.ConditionPathExists = "!${livekitKeyFile}"; - # }; + systemd.services.livekit-key = { + before = [ "lk-jwt-service.service" "livekit.service" ]; + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ livekit coreutils gawk ]; + script = '' + echo "Key missing, generating key" + echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}" + ''; + serviceConfig.Type = "oneshot"; + unitConfig.ConditionPathExists = "!${livekitKeyFile}"; + }; networking.firewall = { allowedTCPPorts = [ 7880 7881 5349 ]; diff --git a/modules/nginx.nix b/modules/nginx.nix index b891620..6cd620c 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix 
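Review bot: The `livekit-key` script writes the generated API secret with a plain `>` redirect and no umask, so `${livekitKeyFile}` is created with the unit's default mode, which is normally world-readable, and anyone holding that secret can mint LiveKit tokens. Add `umask 077` as the first line of `script` (or set `serviceConfig.UMask = "0077";`), after confirming that livekit and lk-jwt-service read `keyFile` through systemd credentials rather than as their own users, which the hunk does not show. The same script also leaves a file with an empty secret behind if `livekit-server generate-keys` fails, and `ConditionPathExists` then blocks any retry, so it should capture the key in a variable and write the file only when it is non-empty. Separately, `room.auto_create = true` may undercut `LIVEKIT_FULL_ACCESS_HOMESERVERS = serverName`, since restricting room creation to one homeserver presumably relies on the SFU not creating rooms on join; this is worth checking against the lk-jwt-service documentation.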
@@ -391,36 +391,36 @@ in }; }; - # "matrixrtc.atri.dad" = { - # enableACME = true; - # forceSSL = true; + "matrixrtc.atri.dad" = { + enableACME = true; + forceSSL = true; - # # lk-jwt-service (handles its own CORS) - # locations."~ ^(/sfu/get|/healthz)" = { - # priority = 400; - # proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}"; - # extraConfig = '' - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # ''; - # }; + # lk-jwt-service (handles its own CORS) + locations."~ ^(/sfu/get|/healthz)" = { + priority = 400; + proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; - # # livekit - # locations."/" = { - # proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}"; - # proxyWebsockets = true; - # extraConfig = '' - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_read_timeout 300; - # proxy_send_timeout 300; - # ''; - # }; - # }; + # livekit + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300; + proxy_send_timeout 300; + ''; + }; + }; "atash.dev" = { enableACME = true;
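Review bot: The location regex `~ ^(/sfu/get|/healthz)` has no end anchor, so every path that merely starts with `/sfu/get` or `/healthz` is proxied to lk-jwt-service rather than only the two endpoints named; `locations."~ ^/(sfu/get|healthz)$"` would limit the exposed surface to exactly those, provided clients never append a trailing segment. Both locations also set `X-Forwarded-For $proxy_add_x_forwarded_for`, which keeps whatever value the client sent; if either backend logs or rate-limits by that header, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer choice on an internet-facing vhost. The vhost name `"matrixrtc.atri.dad"` is hard-coded here while modules/matrix.nix builds the `acme-${matrixRtcDomain}.service` dependency and the certificate paths from a variable, so a comment such as `# must equal matrixRtcDomain in modules/matrix.nix (ACME unit and TURN cert paths depend on it)` would keep the two from drifting apart.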