fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Setup element-call

Browse source
This commit is contained in:
fi 2025-05-07 05:09:07 +02:00
commit e99c3eea15
9 changed files with 73 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
config/hosts/matrix/default.nix
View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./configuration.nix ./configuration.nix
./element-call.nix
./hardware-configuration.nix ./hardware-configuration.nix
./postgresql.nix ./postgresql.nix
./matrix-authentication-service.nix ./matrix-authentication-service.nix

15
config/hosts/matrix/element-call.nix Normal file
View file

@ -0,0 +1,15 @@
{ ... }:
{
services.livekit = {
enable = true;
settings.rtc.use_external_ip = true;
openFirewall = true;
keyFile = "/secrets/matrix-livekit-secret-key.secret";
};
services.lk-jwt-service = {
enable = true;
port = 8082;
livekitUrl = "wss://matrix-rtc.nekover.se/livekit/sfu";
keyFile = "/secrets/matrix-livekit-secret-key.secret";
};
}

22
config/hosts/matrix/matrix-synapse.nix
View file

@ -46,6 +46,28 @@
]; ];
turn_user_lifetime = 86400000; turn_user_lifetime = 86400000;
turn_allow_guests = true; turn_allow_guests = true;
experimental_features = {
# MSC3266: Room summary API. Used for knocking over federation
msc3266_enabled = true;
# MSC4222 needed for syncv2 state_after. This allow clients to
# correctly track the state of the room.
msc4222_enabled = true;
};
# The maximum allowed duration by which sent events can be delayed, as
# per MSC4140.
max_event_delay_duration = "24h";
rc_message = {
# This needs to match at least e2ee key sharing frequency plus a bit of headroom
# Note key sharing events are bursty
per_second = 0.5;
burst_count = 30;
};
rc_delayed_event_mgmt = {
# This needs to match at least the heart-beat frequency plus a bit of headroom
# Currently the heart-beat is every 5 seconds which translates into a rate of 0.2s
per_second = 1;
burst_count = 20;
};
}; };
extras = [ "oidc" ]; extras = [ "oidc" ];
extraConfigFiles = [ extraConfigFiles = [

23
config/hosts/matrix/nginx.nix
View file

@ -57,6 +57,29 @@
extraConfig = '' extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol; listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
"matrix-rtc.nekover.se" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
];
locations."^~ /livekit/jwt/" = {
proxyPass = "http://localhost:8082/";
};
locations."^~ /livekit/sfu/" = {
proxyPass = "http://localhost:7880/";
proxyWebsockets = true;
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100; set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
''; '';

8
config/hosts/matrix/secrets.nix
View file

@ -49,5 +49,13 @@
permissions = "0640"; permissions = "0640";
uploadAt = "pre-activation"; uploadAt = "pre-activation";
}; };
"matrix-livekit-secret-key.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/livekit-secret-key" ];
destDir = "/secrets";
user = "root";
group = "root";
permissions = "0640";
uploadAt = "pre-activation";
};
}; };
} }

1
config/hosts/web-public-2/nginx.nix
View file

@ -27,6 +27,7 @@
id.nekover.se 10.202.41.124:8443; id.nekover.se 10.202.41.124:8443;
mas.nekover.se 10.202.41.112:8443; mas.nekover.se 10.202.41.112:8443;
matrix.nekover.se 10.202.41.112:8443; matrix.nekover.se 10.202.41.112:8443;
matrix-rtc.nekover.se 10.202.41.112:8443;
mewtube.nekover.se 127.0.0.1:8443; mewtube.nekover.se 127.0.0.1:8443;
nekover.se 127.0.0.1:8443; nekover.se 127.0.0.1:8443;
nix-cache.nekover.se 10.202.41.121:8443; nix-cache.nekover.se 10.202.41.121:8443;

1
config/hosts/web-public-2/virtualHosts/acme-challenge.nix
View file

@ -5,6 +5,7 @@ let
"mail-1.grzb.de" = "mail-1.vs.grzb.de"; "mail-1.grzb.de" = "mail-1.vs.grzb.de";
"mas.nekover.se" = "matrix.vs.grzb.de"; "mas.nekover.se" = "matrix.vs.grzb.de";
"matrix.nekover.se" = "matrix.vs.grzb.de"; "matrix.nekover.se" = "matrix.vs.grzb.de";
"matrix-rtc.nekover.se" = "matrix.vs.grzb.de";
"netbox.grzb.de" = "netbox.vs.grzb.de"; "netbox.grzb.de" = "netbox.vs.grzb.de";
"git.nekover.se" = "forgejo.vs.grzb.de"; "git.nekover.se" = "forgejo.vs.grzb.de";
"grafana.grzb.de" = "metrics.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de";

2
config/hosts/web-public-2/virtualHosts/nekover.se.nix
View file

@ -16,7 +16,7 @@
''; '';
}; };
locations."/.well-known/matrix/client" = { locations."/.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}, \"org.matrix.msc2965.authentication\": {\"issuer\": \"https://mas.nekover.se\", \"account\": \"https://mas.nekover.se/account\"}}'"; return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"},\"org.matrix.msc2965.authentication\": {\"issuer\": \"https://mas.nekover.se\", \"account\": \"https://mas.nekover.se/account\"}, \"org.matrix.msc4143.rtc_foci\": [{\"type\": \"livekit\", \"livekit_service_url\": \"https://matrix-rtc.nekover.se/livekit/jwt\"}, {\"type\": \"nextgen_new_foci_type\", \"props_for_nextgen_foci\": \"val\"}]}'";
extraConfig = '' extraConfig = ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;

1
hosts.nix
View file

@ -68,6 +68,7 @@ in
environment = "proxmox"; environment = "proxmox";
}; };
matrix = { matrix = {
hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };