felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-04 17:20:02 +01:00
Code Issues Projects Releases Wiki Activity
Files
e2d553af196575890483db17772ab7719958d511
pvv-nixos-config/hosts/bicep/services/matrix/livekit.nix
h7x4 e5dd5b6325 bicep/matrix: attempt to set up livekit
2026-01-21 10:14:08 +09:00

68 lines
2.0 KiB
Nix
Raw Blame History

{ config, lib, fp, ... }:
let
synapseConfig = config.services.matrix-synapse-next;
matrixDomain = "matrix.pvv.ntnu.no";
cfg = config.services.livekit;
in
{
sops.secrets."matrix/livekit/keyfile/lk-jwt-service" = {
sopsFile = fp /secrets/bicep/matrix.yaml;
key = "livekit/keyfile/lk-jwt-service";
};
sops.templates."matrix-livekit-keyfile" = {
restartUnits = [
"livekit.service"
"lk-jwt-service.service"
];
content = ''
lk-jwt-service: ${config.sops.placeholder."matrix/livekit/keyfile/lk-jwt-service"}
'';
};
services.pvv-matrix-well-known.client = lib.mkIf cfg.enable {
"org.matrix.msc4143.rtc_foci" = [{
type = "livekit";
livekit_service_url = "https://${matrixDomain}/livekit/jwt";
}];
};
services.livekit = {
enable = true;
openFirewall = true;
keyFile = config.sops.templates."matrix-livekit-keyfile".path;
# NOTE: needed for ingress/egress workers
# redis.createLocally = true;
# settings.room.auto_create = false;
};
services.lk-jwt-service = lib.mkIf cfg.enable {
enable = true;
livekitUrl = "wss://${matrixDomain}/livekit/sfu";
keyFile = config.sops.templates."matrix-livekit-keyfile".path;
};
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = lib.mkIf cfg.enable matrixDomain;
services.nginx.virtualHosts.${matrixDomain} = lib.mkIf cfg.enable {
locations."^~ /livekit/jwt/" = {
proxyPass = "http://localhost:${toString config.services.lk-jwt-service.port}/";
};
# TODO: load balance to multiple livekit ingress/egress workers
locations."^~ /livekit/sfu/" = {
proxyPass = "http://localhost:${toString config.services.livekit.settings.port}/";
proxyWebsockets = true;
extraConfig = ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
}
Reference in New Issue View Git Blame Copy Permalink