mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

repeated_keys

Browse Source
This commit is contained in:
mjallen18
2026-04-05 14:15:20 -05:00
parent 14477a8d85
commit c439495d7a
11 changed files with 559 additions and 516 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
modules/nixos/services/matrix/livekit.nix
View File

@@ -31,83 +31,89 @@ let
in
{
config = lib.mkIf cfg.enable {
services.livekit = {
enable = true;
openFirewall = true;
settings.room.auto_create = false;
inherit keyFile;
};
services.lk-jwt-service = {
enable = true;
port = 8585;
# can be on the same virtualHost as synapse
livekitUrl = "wss://mjallen.dev/livekit/sfu";
inherit keyFile;
};
# generate the key when needed
systemd.services.livekit-key = {
before = [
"lk-jwt-service.service"
"livekit.service"
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
echo "Key missing, generating key"
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
# restrict access to livekit room creation to a homeserver
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = "mjallen.dev";
services.nginx = {
enable = true;
defaultHTTPListenPort = 8188;
virtualHosts = {
"matrix.mjallen.dev".locations = {
"= /.well-known/matrix/client" = {
alias = file;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
"mjallen.dev".locations = {
"= /.well-known/matrix/client" = {
alias = file;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
services = {
livekit = {
enable = true;
openFirewall = true;
settings.room.auto_create = false;
inherit keyFile;
};
lk-jwt-service = {
enable = true;
port = 8585;
# can be on the same virtualHost as synapse
livekitUrl = "wss://mjallen.dev/livekit/sfu";
inherit keyFile;
};
nginx = {
enable = true;
defaultHTTPListenPort = 8188;
virtualHosts = {
"matrix.mjallen.dev".locations = {
"= /.well-known/matrix/client" = {
alias = file;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
"mjallen.dev".locations = {
"= /.well-known/matrix/client" = {
alias = file;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
"^~ /livekit/jwt/" = {
priority = 400;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
};
"^~ /livekit/jwt/" = {
priority = 400;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
};
"^~ /livekit/sfu/" = {
extraConfig = ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
"^~ /livekit/sfu/" = {
extraConfig = ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
priority = 400;
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
proxyWebsockets = true;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
priority = 400;
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
proxyWebsockets = true;
};
};
};
};
};
# generate the key when needed
systemd = {
services = {
livekit-key = {
before = [
"lk-jwt-service.service"
"livekit.service"
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
echo "Key missing, generating key"
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
# restrict access to livekit room creation to a homeserver
lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = "mjallen.dev";
};
};
};
}