From 59907f7ece32cb159bddfd96527224fbda58f60c Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Thu, 30 Apr 2026 13:22:20 +0200
Subject: [PATCH] WIP: Livekit

---
 hosts/cyper-proxy/configuration.nix | 2 +-
 nixos/roles/livekit.nix | 68 -----------------------------
 nixos/roles/matrix/clients.nix | 4 +-
 nixos/roles/matrix/default.nix | 2 +-
 nixos/roles/matrix/livekit.nix | 30 +++++++++++++
 nixos/roles/matrix/lk-jwt.nix | 19 ++++++++
 nixos/roles/matrix/synapse.nix | 1 +
 nixos/roles/nginx.nix | 4 +-
 8 files changed, 56 insertions(+), 74 deletions(-)
 delete mode 100644 nixos/roles/livekit.nix
 create mode 100644 nixos/roles/matrix/livekit.nix
 create mode 100644 nixos/roles/matrix/lk-jwt.nix

diff --git a/hosts/cyper-proxy/configuration.nix b/hosts/cyper-proxy/configuration.nix
index 0436356..2439248 100644
--- a/hosts/cyper-proxy/configuration.nix
+++ b/hosts/cyper-proxy/configuration.nix
@@ -3,7 +3,7 @@
 imports = [
 ./hardware-configuration.nix
 ../../nixos/roles/nginx.nix
- ../../nixos/roles/livekit.nix
+ ../../nixos/roles/matrix/livekit.nix
 ../../nixos/roles/jitsi.nix
 ];
 
diff --git a/nixos/roles/livekit.nix b/nixos/roles/livekit.nix
deleted file mode 100644
index bf2dbf2..0000000
--- a/nixos/roles/livekit.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ pkgs, ... }:
-let
- keyFile = "/run/livekit/livekit.key";
- domain = "cyperpunk.de";
- synapseUrl = "http://100.109.179.25:8008";
-in
-{
- services = {
- livekit = {
- enable = true;
- openFirewall = true;
- inherit keyFile;
- settings = {
- rtc = {
- tcp_port = 7881;
- udp_port = 7882;
- port_range_start = 50000;
- port_range_end = 60000;
- use_external_ip = true;
- node_ip = "178.254.8.35";
- };
- room = {
- auto_create = false;
- enabled_codecs = [
- { mime = "video/VP8"; }
- { mime = "video/VP9"; }
- { mime = "video/H264"; }
- { mime = "audio/opus"; }
- ];
- enable_remote_unmute = true;
- };
- };
- };
-
- lk-jwt-service = {
- enable = true;
- #livekitUrl = "wss://cyperpunk.de/livekit/sfu";
- inherit keyFile;
- livekitUrl = "wss://127.0.0.1:7880";
- };
- };
-
- systemd.services = {
- livekit-key = {
- before = [
- "lk-jwt-service.service"
- "livekit.service"
- ];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
- livekit
- coreutils
- gawk
- ];
- script = ''
- mkdir -p /run/livekit
- echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
- '';
- serviceConfig.Type = "oneshot";
- unitConfig.ConditionPathExists = "!${keyFile}";
- };
-
- lk-jwt-service.environment = {
- LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
- MATRIX_BASE_URL = synapseUrl;
- };
- };
-}
diff --git a/nixos/roles/matrix/clients.nix b/nixos/roles/matrix/clients.nix
index 2b96d04..797728e 100644
--- a/nixos/roles/matrix/clients.nix
+++ b/nixos/roles/matrix/clients.nix
@@ -126,13 +126,13 @@ let
 preferred_domain = "jitsi.cyperpunk.de";
 };
 element_call = {
- url = "https://element.cyperpunk.de/widgets/element-call";
+ url = "https://element-call.cyperpunk.de";
 use_exclusively = true;
 participant_limit = 8;
 brand = "Cyperpunk Call";
 };
 livekit = {
- livekit_service_url = "https://cyperpunk.de/livekit/jwt";
+ livekit_service_url = "https://cyperpunk.de/livekit/jwt/";
 };
 setting_defaults = {
 custom_themes = catppuccinThemes;
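Review bot: `livekit_service_url` in the `livekit` block of nixos/roles/matrix/clients.nix is a second copy of the literal that nixos/roles/nginx.nix serves in its `org.matrix.msc4143.rtc_foci` well-known entry, and this commit had to edit both copies to add the trailing slash. Clients reading one copy and clients reading the other would be sent to different token endpoints if the two drift, so I would define the value once, for example `livekitJwtUrl = "https://cyperpunk.de/livekit/jwt/";` in a shared binding, and reference it from both files. Separately, the new `element_call.url` host `element-call.cyperpunk.de` has no matching virtual host among the nginx.nix hunks of this patch; if it is not defined elsewhere, the call widget will not load. The enclosing attribute set starts and ends outside the hunk.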
diff --git a/nixos/roles/matrix/default.nix b/nixos/roles/matrix/default.nix
index 6e5b359..5a89637 100644
--- a/nixos/roles/matrix/default.nix
+++ b/nixos/roles/matrix/default.nix
@@ -4,8 +4,8 @@
 {
 imports = [
 ./synapse.nix
- # ./coturn.nix
 ./clients.nix
+ ./lk-jwt.nix
 ];
 
 #networking.firewall = {
diff --git a/nixos/roles/matrix/livekit.nix b/nixos/roles/matrix/livekit.nix
new file mode 100644
index 0000000..a4d243d
--- /dev/null
+++ b/nixos/roles/matrix/livekit.nix
@@ -0,0 +1,30 @@
+{ config, ... }:
+{
+ sops.secrets.livekit_key = { };
+
+ services.livekit = {
+ enable = true;
+ openFirewall = true;
+ keyFile = config.sops.secrets.livekit_key.path;
+ settings = {
+ rtc = {
+ tcp_port = 7881;
+ udp_port = 7882;
+ port_range_start = 50000;
+ port_range_end = 60000;
+ use_external_ip = true;
+ node_ip = "178.254.8.35";
+ };
+ room = {
+ auto_create = false;
+ enabled_codecs = [
+ { mime = "video/VP8"; }
+ { mime = "video/VP9"; }
+ { mime = "video/H264"; }
+ { mime = "audio/opus"; }
+ ];
+ enable_remote_unmute = true;
+ };
+ };
+ };
+}
diff --git a/nixos/roles/matrix/lk-jwt.nix b/nixos/roles/matrix/lk-jwt.nix
new file mode 100644
index 0000000..fa06b39
--- /dev/null
+++ b/nixos/roles/matrix/lk-jwt.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+let
+ domain = "cyperpunk.de";
+ synapseUrl = "http://100.109.179.25:8008";
+in
+{
+ sops.secrets.livekit_key = { };
+
+ services.lk-jwt-service = {
+ enable = true;
+ keyFile = config.sops.secrets.livekit_key.path;
+ livekitUrl = "wss://cyperpunk.de/livekit/sfu";
+ };
+
+ systemd.services.lk-jwt-service.environment = {
+ LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
+ MATRIX_BASE_URL = synapseUrl;
+ };
+}
diff --git a/nixos/roles/matrix/synapse.nix b/nixos/roles/matrix/synapse.nix
index a96c616..e6e5497 100644
--- a/nixos/roles/matrix/synapse.nix
+++ b/nixos/roles/matrix/synapse.nix
@@ -49,6 +49,7 @@
 names = [
 "client"
 "federation"
+ "openid"
 ];
 compress = false;
 }
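Review bot: `keyFile = config.sops.secrets.livekit_key.path;` in the new nixos/roles/matrix/livekit.nix depends on the secret holding exactly what the removed `livekit-key` unit used to write, a single `<key-name>: <secret>` line, and nothing in the file records that. I would add a comment above `sops.secrets.livekit_key` such as `# one line "<api-key-name>: <api-secret>"; lk-jwt.nix must decrypt the identical value`, because a mismatch between the SFU and the token service makes every issued token fail verification. The key also changes from a value regenerated whenever /run/livekit/livekit.key was missing to a long-lived one, presumably stored in the repository's sops file, so it is worth confirming that only the hosts importing livekit.nix and lk-jwt.nix are recipients of that secret and that there is a rotation procedure.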
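Review bot: `synapseUrl = "http://100.109.179.25:8008"` in the new nixos/roles/matrix/lk-jwt.nix keeps a hard-coded address and plain HTTP for the homeserver link, carried over unchanged from the removed nixos/roles/livekit.nix. The service is now imported by the same role as synapse.nix, so if both run on one host, pointing this at the loopback listener would keep that traffic off the network and remove the fixed IP; whether Synapse binds to loopback is not visible in this patch. If the 100.x address has to stay, a comment such as `# overlay-network address of the Synapse host; transport encryption comes from the overlay` would record why plain HTTP is acceptable. This file also sets no bind address or firewall rule for the service's own port, which nginx.nix now reaches at `${upstream}:8080`.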
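Review bot: The added `"openid"` entry next to `"federation"` in the listener's `names` list in nixos/roles/matrix/synapse.nix looks redundant, since Synapse's listener documentation describes the `federation` resource as already implying `openid`. It is harmless, but a comment such as `# explicit for lk-jwt-service; already implied by "federation"` would stop a later reader from assuming this line is what exposes the OpenID userinfo endpoint. The listener definition starts and ends outside the hunk, so the bind address and port it applies to cannot be checked from here.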
diff --git a/nixos/roles/nginx.nix b/nixos/roles/nginx.nix
index f96e7ba..00a7162 100644
--- a/nixos/roles/nginx.nix
+++ b/nixos/roles/nginx.nix
@@ -41,7 +41,7 @@ let
 "org.matrix.msc4143.rtc_foci":[
 {
 "type":"livekit",
- "livekit_service_url":"https://cyperpunk.de/livekit/jwt"
+ "livekit_service_url":"https://cyperpunk.de/livekit/jwt/"
 }
 ]
 }';
@@ -116,7 +116,7 @@ in
 };
 "^~ /livekit/jwt/" = {
 priority = 400;
- proxyPass = "http://127.0.0.1:8080/";
+ proxyPass = "http://${upstream}:8080/";
 };
 "^~ /livekit/sfu/" = {
 priority = 400;
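Review bot: `proxyPass = "http://${upstream}:8080/";` in the `^~ /livekit/jwt/` location of nixos/roles/nginx.nix moves the token endpoint from loopback to a plain-HTTP hop to another machine, so the Matrix OpenID tokens posted to it and the LiveKit JWTs returned cross that link unencrypted unless `upstream` is reached over an encrypted overlay. `upstream` is bound outside the hunk, so this cannot be confirmed from here; a comment at the location such as `# upstream = overlay address of the Matrix host; lk-jwt-service listens there on 8080` would record the assumption. On the Matrix host, port 8080 should accept connections only from this proxy, and lk-jwt.nix in this patch shows no firewall or bind-address setting for it. The location block sits inside an attribute set that starts and ends outside the hunk.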