From ff3c4f6faf0053fd3a4b860ad5c8214a3d09ecdf Mon Sep 17 00:00:00 2001
From: DerGrumpf
Date: Mon, 27 Apr 2026 21:16:30 +0200
Subject: [PATCH] Added Livekit
---
 flake.lock | 6 +-
 hosts/cyper-proxy/configuration.nix | 1 +
 nixos/roles/livekit.nix | 90 ++++++++++++++++++-----------
 nixos/roles/matrix/clients.nix | 5 +-
 nixos/roles/matrix/synapse.nix | 2 +
 nixos/roles/nginx.nix | 22 ++++++-
 6 files changed, 86 insertions(+), 40 deletions(-)
diff --git a/flake.lock b/flake.lock
index 50881ba..beb3a51 100644
--- a/flake.lock
+++ b/flake.lock
@@ -707,11 +707,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1775423009,
- "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
+ "lastModified": 1776877367,
+ "narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
+ "rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
 "type": "github"
 },
 "original": {
diff --git a/hosts/cyper-proxy/configuration.nix b/hosts/cyper-proxy/configuration.nix
index d2c0f1c..75f2ddd 100644
--- a/hosts/cyper-proxy/configuration.nix
+++ b/hosts/cyper-proxy/configuration.nix
@@ -4,6 +4,7 @@
 ./hardware-configuration.nix
 ../../nixos/roles/nginx.nix
 ../../nixos/roles/livekit.nix
+ ../../nixos/roles/jitsi.nix
 ];
 networking = {
diff --git a/nixos/roles/livekit.nix b/nixos/roles/livekit.nix
index 4bd504b..c5c8a71 100644
--- a/nixos/roles/livekit.nix
+++ b/nixos/roles/livekit.nix
@@ -1,45 +1,67 @@
 { pkgs, ... }:
-
 let
 keyFile = "/run/livekit/livekit.key";
 domain = "cyperpunk.de";
- synapseUrl = "http://100.109.179.25:8008"; # Tailscale IP of cyper-controller
+ synapseUrl = "http://100.109.179.25:8008";
 in
 {
- services.livekit = {
- enable = true;
- openFirewall = true;
- inherit keyFile;
- settings.room.auto_create = false;
+ services = {
+ livekit = {
+ enable = true;
+ openFirewall = true;
+ inherit keyFile;
+ settings = {
+ rtc = {
+ tcp_port = 7881;
+ udp_port = 7882;
+ port_range_start = 50000;
+ port_range_end = 60000;
+ use_external_ip = true;
+ node_ip = "178.254.8.35";
+ };
+ room = {
+ auto_create = false;
+ enabled_codecs = [
+ { mime = "video/VP8"; }
+ { mime = "video/VP9"; }
+ { mime = "video/H264"; }
+ { mime = "audio/opus"; }
+ ];
+ enable_remote_unmute = true;
+ };
+ };
+ };
+
+ lk-jwt-service = {
+ enable = true;
+ livekitUrl = "ws://127.0.0.1:7880";
+ inherit keyFile;
+ };
 };
- services.lk-jwt-service = {
- enable = true;
- livekitUrl = "wss://${domain}/livekit/sfu";
- inherit keyFile;
- };
+ systemd.services = {
+ livekit-key = {
+ before = [
+ "lk-jwt-service.service"
+ "livekit.service"
+ ];
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [
+ livekit
+ coreutils
+ gawk
+ ];
+ script = ''
+ mkdir -p /run/livekit
+ echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
+ '';
+ serviceConfig.Type = "oneshot";
+ unitConfig.ConditionPathExists = "!${keyFile}";
+ };
- systemd.services.livekit-key = {
- before = [
- "lk-jwt-service.service"
- "livekit.service"
- ];
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
- livekit
- coreutils
- gawk
- ];
- script = ''
- mkdir -p /run/livekit
- echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
- '';
- serviceConfig.Type = "oneshot";
- unitConfig.ConditionPathExists = "!${keyFile}";
- };
-
- systemd.services.lk-jwt-service.environment = {
- LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
- MATRIX_BASE_URL = synapseUrl; # tells lk-jwt-service where to validate tokens
+ lk-jwt-service.environment = {
+ LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
+ MATRIX_BASE_URL = synapseUrl;
+ };
 };
 }
diff --git a/nixos/roles/matrix/clients.nix b/nixos/roles/matrix/clients.nix
index e0ba613..9123709 100644
--- a/nixos/roles/matrix/clients.nix
+++ b/nixos/roles/matrix/clients.nix
@@ -126,9 +126,12 @@ let
 preferred_domain = "jitsi.cyperpunk.de";
 };
 element_call = {
- url = "https://cyperpunk.de/livekit/jwt";
+ url = "https://call.element.io";
 use_exclusively = true;
 };
+ livekit = {
+ livekit_service_url = "https://cyperpunk.de/livekit/jwt";
+ };
 setting_defaults = {
 custom_themes = catppuccinThemes;
 feature_custom_themes = true;
diff --git a/nixos/roles/matrix/synapse.nix b/nixos/roles/matrix/synapse.nix
index 4ef23dd..8bd271c 100644
--- a/nixos/roles/matrix/synapse.nix
+++ b/nixos/roles/matrix/synapse.nix
@@ -33,6 +33,8 @@
 experimental_features = {
 "msc3266_enabled" = true;
 "msc3779_enabled" = true;
+ "msc3401_enabled" = true;
+ "msc4143_enabled" = true;
 };
 listeners = [
 {
diff --git a/nixos/roles/nginx.nix b/nixos/roles/nginx.nix
index d61f342..e521389 100644
--- a/nixos/roles/nginx.nix
+++ b/nixos/roles/nginx.nix
@@ -34,7 +34,17 @@ let
 extraConfig = ''
 default_type application/json;
 add_header Access-Control-Allow-Origin *;
- return 200 '{"m.homeserver":{"base_url":"https://matrix.cyperpunk.de"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://cyperpunk.de/livekit/jwt"}]}';
+ return 200 '{
+ "m.homeserver":{
+ "base_url":"https://matrix.cyperpunk.de"
+ },
+ "org.matrix.msc4143.rtc_foci":[
+ {
+ "type":"livekit",
+ "livekit_service_url":"https://cyperpunk.de/livekit/jwt"
+ }
+ ]
+ }';
 '';
 };
 "/.well-known/matrix/server" = {
@@ -102,7 +112,7 @@ in
 proxyPass = "http://${upstream}:8008";
 proxyWebsockets = true;
 };
- "^~ /livekit/jwt/" = {
+ "^~ /livekit/jwt" = {
 priority = 400;
 proxyPass = "http://127.0.0.1:8080";
 };
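Review bot: In nixos/roles/livekit.nix the re-indented `livekit-key` script still creates `/run/livekit` and the key file with no `umask` or `chmod`, so under the unit's default umask the LiveKit API secret is probably readable by every local account. Adding `umask 077` as the first line of `script` would close that, provided both consuming units can still read `keyFile` (confirm how they load it). The pipeline is also unchecked: if `livekit-server generate-keys` fails, an empty secret is written and `ConditionPathExists` then prevents regeneration. Separately, `livekitUrl = "ws://127.0.0.1:7880"` deserves a second look, because as far as I know lk-jwt-service hands this URL to clients, and a loopback address is not reachable for them the way the removed `wss://${domain}/livekit/sfu` was.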
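Review bot: In nixos/roles/matrix/clients.nix, pointing `element_call.url` at `https://call.element.io` while `use_exclusively = true` stays set means every call loads its frontend from a third-party host, so this self-hosted deployment now trusts code it neither serves nor pins. If that is intended, record it next to the URL, e.g. `# third-party hosted Element Call frontend, not served from this deployment`. I am also not sure this client config reads a top-level `livekit.livekit_service_url` key; that shape looks like Element Call's own config file, so please confirm it has an effect here. The enclosing attribute set starts and ends outside the hunk.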
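Review bot: In nixos/roles/nginx.nix, dropping the trailing slash turns `"^~ /livekit/jwt"` into a bare prefix match, so any request path that merely starts with those characters is also forwarded to the service on port 8080. Because `proxyPass = "http://127.0.0.1:8080";` has no URI part, the `/livekit/jwt` prefix reaches the upstream unchanged, which only works if the JWT service actually serves under that prefix. I would keep `"^~ /livekit/jwt/" = {` and use `proxyPass = "http://127.0.0.1:8080/";` so the prefix is stripped at a path boundary. The SFU location in the following hunk shows the same URI-less `proxyPass`; the enclosing attribute set starts outside this hunk.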
@@ -110,6 +120,14 @@ in
 priority = 400;
 proxyPass = "http://127.0.0.1:7880";
 proxyWebsockets = true;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 86400s;
+ proxy_send_timeout 86400s;
+ '';
 };
 };
 };
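Review bot: The added `proxy_read_timeout 86400s;` and `proxy_send_timeout 86400s;` let a silent connection to the SFU location hold a proxy connection and an upstream socket for a full day, which is generous for what appears to be an internet-facing host. If the signalling WebSocket exchanges regular keepalives, a few minutes is enough, e.g. `proxy_read_timeout 300s;`; please confirm the keepalive interval before lowering it. Also, `$proxy_add_x_forwarded_for` appends to whatever the client sent, so if this proxy is the first hop the upstream cannot trust that header, whereas `proxy_set_header X-Forwarded-For $remote_addr;` overwrites it. The location these lines belong to starts outside the hunk.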