DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Livekit

Browse Source
This commit is contained in:
DerGrumpf
2026-04-27 10:25:39 +02:00
parent fa0cb9cc59
commit 4bd15188c9
5 changed files with 64 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/cyper-proxy/configuration.nix
+1 -1
View File
@@ -3,7 +3,7 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../nixos/roles/nginx.nix ../../nixos/roles/nginx.nix
../../nixos/roles/jitsi.nix ../../nixos/roles/livekit.nix
]; ];
networking = { networking = {
nixos/roles/livekit.nix
+45
View File
@@ -0,0 +1,45 @@
{ pkgs, ... }:
let
keyFile = "/run/livekit/livekit.key";
domain = "cyperpunk.de";
synapseUrl = "http://100.109.179.25:8008"; # Tailscale IP of cyper-controller
in
{
services.livekit = {
enable = true;
openFirewall = true;
inherit keyFile;
settings.room.auto_create = false;
};
services.lk-jwt-service = {
enable = true;
livekitUrl = "wss://${domain}/livekit/sfu";
inherit keyFile;
};
systemd.services.livekit-key = {
before = [
"lk-jwt-service.service"
"livekit.service"
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
mkdir -p /run/livekit
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
systemd.services.lk-jwt-service.environment = {
LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
MATRIX_BASE_URL = synapseUrl; # tells lk-jwt-service where to validate tokens
};
}
nixos/roles/matrix/clients.nix
+7
View File
@@ -122,6 +122,13 @@ let
server_name = "cyperpunk.de"; server_name = "cyperpunk.de";
}; };
}; };
jitsi = {
preferred_domain = "jitsi.cyperpunk.de";
};
element_call = {
url = "https://cyperpunk.de/livekit/jwt";
use_exclusively = true;
};
setting_defaults = { setting_defaults = {
custom_themes = catppuccinThemes; custom_themes = catppuccinThemes;
feature_custom_themes = true; feature_custom_themes = true;
nixos/roles/matrix/synapse.nix
+1
View File
@@ -32,6 +32,7 @@
macaroon_secret_key = "$__file{${config.sops.secrets.matrix_macaroon_secret.path}}"; macaroon_secret_key = "$__file{${config.sops.secrets.matrix_macaroon_secret.path}}";
experimental_features = { experimental_features = {
"msc3266_enabled" = true; "msc3266_enabled" = true;
"msc3779_enabled" = true;
}; };
listeners = [ listeners = [
{ {
nixos/roles/nginx.nix
+10 -1
View File
@@ -34,7 +34,7 @@ let
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver":{"base_url":"https://matrix.cyperpunk.de"}}'; return 200 '{"m.homeserver":{"base_url":"https://matrix.cyperpunk.de"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://cyperpunk.de/livekit/jwt"}]}';
''; '';
}; };
"/.well-known/matrix/server" = { "/.well-known/matrix/server" = {
@@ -102,6 +102,15 @@ in
proxyPass = "http://${upstream}:8008"; proxyPass = "http://${upstream}:8008";
proxyWebsockets = true; proxyWebsockets = true;
}; };
"^~ /livekit/jwt/" = {
priority = 400;
proxyPass = "http://127.0.0.1:8080";
};
"^~ /livekit/sfu" = {
priority = 400;
proxyPass = "http://127.0.0.1:7880";
proxyWebsockets = true;
};
}; };
}; };
}; };