DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Livekit

Browse Source
This commit is contained in:
DerGrumpf
2026-04-27 21:16:30 +02:00
parent 4bd15188c9
commit ff3c4f6faf
6 changed files with 86 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.lock
Generated
+3 -3
View File
@@ -707,11 +707,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1775423009, "lastModified": 1776877367,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", "narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", "rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
"type": "github" "type": "github"
}, },
"original": { "original": {
hosts/cyper-proxy/configuration.nix
+1
View File
@@ -4,6 +4,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../nixos/roles/nginx.nix ../../nixos/roles/nginx.nix
../../nixos/roles/livekit.nix ../../nixos/roles/livekit.nix
../../nixos/roles/jitsi.nix
]; ];
networking = { networking = {
nixos/roles/livekit.nix
+56 -34
View File
@@ -1,45 +1,67 @@
{ pkgs, ... }: { pkgs, ... }:
let let
keyFile = "/run/livekit/livekit.key"; keyFile = "/run/livekit/livekit.key";
domain = "cyperpunk.de"; domain = "cyperpunk.de";
synapseUrl = "http://100.109.179.25:8008"; # Tailscale IP of cyper-controller synapseUrl = "http://100.109.179.25:8008";
in in
{ {
services.livekit = { services = {
enable = true; livekit = {
openFirewall = true; enable = true;
inherit keyFile; openFirewall = true;
settings.room.auto_create = false; inherit keyFile;
settings = {
rtc = {
tcp_port = 7881;
udp_port = 7882;
port_range_start = 50000;
port_range_end = 60000;
use_external_ip = true;
node_ip = "178.254.8.35";
};
room = {
auto_create = false;
enabled_codecs = [
{ mime = "video/VP8"; }
{ mime = "video/VP9"; }
{ mime = "video/H264"; }
{ mime = "audio/opus"; }
];
enable_remote_unmute = true;
};
};
};
lk-jwt-service = {
enable = true;
livekitUrl = "ws://127.0.0.1:7880";
inherit keyFile;
};
}; };
services.lk-jwt-service = { systemd.services = {
enable = true; livekit-key = {
livekitUrl = "wss://${domain}/livekit/sfu"; before = [
inherit keyFile; "lk-jwt-service.service"
}; "livekit.service"
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
mkdir -p /run/livekit
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
systemd.services.livekit-key = { lk-jwt-service.environment = {
before = [ LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
"lk-jwt-service.service" MATRIX_BASE_URL = synapseUrl;
"livekit.service" };
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
mkdir -p /run/livekit
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
systemd.services.lk-jwt-service.environment = {
LIVEKIT_FULL_ACCESS_HOMESERVERS = domain;
MATRIX_BASE_URL = synapseUrl; # tells lk-jwt-service where to validate tokens
}; };
} }
nixos/roles/matrix/clients.nix
+4 -1
View File
@@ -126,9 +126,12 @@ let
preferred_domain = "jitsi.cyperpunk.de"; preferred_domain = "jitsi.cyperpunk.de";
}; };
element_call = { element_call = {
url = "https://cyperpunk.de/livekit/jwt"; url = "https://call.element.io";
use_exclusively = true; use_exclusively = true;
}; };
livekit = {
livekit_service_url = "https://cyperpunk.de/livekit/jwt";
};
setting_defaults = { setting_defaults = {
custom_themes = catppuccinThemes; custom_themes = catppuccinThemes;
feature_custom_themes = true; feature_custom_themes = true;
nixos/roles/matrix/synapse.nix
+2
View File
@@ -33,6 +33,8 @@
experimental_features = { experimental_features = {
"msc3266_enabled" = true; "msc3266_enabled" = true;
"msc3779_enabled" = true; "msc3779_enabled" = true;
"msc3401_enabled" = true;
"msc4143_enabled" = true;
}; };
listeners = [ listeners = [
{ {
nixos/roles/nginx.nix
+20 -2
View File
@@ -34,7 +34,17 @@ let
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '{"m.homeserver":{"base_url":"https://matrix.cyperpunk.de"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://cyperpunk.de/livekit/jwt"}]}'; return 200 '{
"m.homeserver":{
"base_url":"https://matrix.cyperpunk.de"
},
"org.matrix.msc4143.rtc_foci":[
{
"type":"livekit",
"livekit_service_url":"https://cyperpunk.de/livekit/jwt"
}
]
}';
''; '';
}; };
"/.well-known/matrix/server" = { "/.well-known/matrix/server" = {
@@ -102,7 +112,7 @@ in
proxyPass = "http://${upstream}:8008"; proxyPass = "http://${upstream}:8008";
proxyWebsockets = true; proxyWebsockets = true;
}; };
"^~ /livekit/jwt/" = { "^~ /livekit/jwt" = {
priority = 400; priority = 400;
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://127.0.0.1:8080";
}; };
@@ -110,6 +120,14 @@ in
priority = 400; priority = 400;
proxyPass = "http://127.0.0.1:7880"; proxyPass = "http://127.0.0.1:7880";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
'';
}; };
}; };
}; };