Merge pull request 'feat: add matrix-rtc' (#1) from matrix-rtc into master

Reviewed-on: #1
2026-02-23 19:42:06 +08:00
6 changed files with 114 additions and 34 deletions


@@ -60,8 +60,6 @@
}; };
}; };
}; };
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# accounts.email.accounts.<name>.mbsync.create # accounts.email.accounts.<name>.mbsync.create
# services.mbsync.enable = true; # services.mbsync.enable = true;
} }


@@ -82,5 +82,6 @@
./yazi.nix ./yazi.nix
./yt-dlp.nix ./yt-dlp.nix
./zoxide.nix ./zoxide.nix
./yq.nix
]; ];
} }


@@ -37,4 +37,26 @@ in {
${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1" ${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
''} %s"; ''} %s";
}; };
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# launchd.agents.mbsync = {
# enable = true;
# config = {
# # A label for the service
# Label = "dev.darksailor.atuin-daemon";
# # The command to run
# ProgramArguments = [
# "${pkgs.atuin}/bin/atuin"
# "daemon"
# ];
# # Run the service when you log in
# RunAtLoad = true;
# # Keep the process alive, or restart if it dies
# KeepAlive = true;
# # Log files
# StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
# StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
# };
# };
} }
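Review bot: The commented-out `launchd.agents.mbsync` block is a copy of an atuin agent rather than an mbsync one: its `Label` is `dev.darksailor.atuin-daemon`, `ProgramArguments` runs `${pkgs.atuin}/bin/atuin daemon`, and both log paths are named `atuin-daemon`. If it were uncommented as written it would start atuin under the mbsync agent name and presumably clash with the real atuin agent's label and log files. Either drop the block or replace it with a single line such as `# TODO: launchd agent for mbsync on macOS (services.mbsync is only enabled on Linux)`.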

1
home/programs/yq.nix Normal file

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.yq];}


@@ -67,12 +67,12 @@ in {
}; };
environmentFiles = cfg.environmentFiles; environmentFiles = cfg.environmentFiles;
extraOptions = [ extraOptions = [
"--network=affine-net"
"--health-cmd=pg_isready -U ${dbUser} -d ${dbName}" "--health-cmd=pg_isready -U ${dbUser} -d ${dbName}"
"--health-interval=10s" "--health-interval=10s"
"--health-timeout=5s" "--health-timeout=5s"
"--health-retries=5" "--health-retries=5"
]; ];
networks = ["affine-net"];
}; };
affine-redis = { affine-redis = {
@@ -80,8 +80,8 @@ in {
volumes = [ volumes = [
"${cfg.dataDir}/redis:/data" "${cfg.dataDir}/redis:/data"
]; ];
networks = ["affine-net"];
extraOptions = [ extraOptions = [
"--network=affine-net"
"--health-cmd=redis-cli --raw incr ping" "--health-cmd=redis-cli --raw incr ping"
"--health-interval=10s" "--health-interval=10s"
"--health-timeout=5s" "--health-timeout=5s"
@@ -111,9 +111,7 @@ in {
AFFINE_INDEXER_ENABLED = "false"; AFFINE_INDEXER_ENABLED = "false";
}; };
environmentFiles = cfg.environmentFiles; environmentFiles = cfg.environmentFiles;
extraOptions = [ networks = ["affine-net"];
"--network=affine-net"
];
}; };
affine-migration = { affine-migration = {
@@ -133,34 +131,32 @@ in {
AFFINE_INDEXER_ENABLED = "false"; AFFINE_INDEXER_ENABLED = "false";
}; };
environmentFiles = cfg.environmentFiles; environmentFiles = cfg.environmentFiles;
extraOptions = [ networks = ["affine-net"];
"--network=affine-net"
];
}; };
}; };
}; };
# Create the Docker network # Create the Docker network
systemd.services.affine-network = { # systemd.services.affine-network = {
description = "Create AFFiNE Docker network"; # description = "Create AFFiNE Docker network";
after = ["docker.service"]; # after = ["docker.service"];
wantedBy = ["multi-user.target"]; # wantedBy = ["multi-user.target"];
serviceConfig = { # serviceConfig = {
Type = "oneshot"; # Type = "oneshot";
RemainAfterExit = true; # RemainAfterExit = true;
ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net"; # # ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net";
ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net"; # # ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net";
}; # };
}; # };
#
# Ensure containers start after the network is created # Ensure containers start after the network is created
systemd.services.docker-affine.after = ["affine-network.service"]; # systemd.services.docker-affine.after = ["affine-network.service"];
systemd.services.docker-affine.requires = ["affine-network.service"]; # systemd.services.docker-affine.requires = ["affine-network.service"];
systemd.services.docker-affine-postgres.after = ["affine-network.service"]; # systemd.services.docker-affine-postgres.after = ["affine-network.service"];
systemd.services.docker-affine-postgres.requires = ["affine-network.service"]; # systemd.services.docker-affine-postgres.requires = ["affine-network.service"];
systemd.services.docker-affine-redis.after = ["affine-network.service"]; # systemd.services.docker-affine-redis.after = ["affine-network.service"];
systemd.services.docker-affine-redis.requires = ["affine-network.service"]; # systemd.services.docker-affine-redis.requires = ["affine-network.service"];
systemd.services.docker-affine-migration.after = ["affine-network.service"]; # systemd.services.docker-affine-migration.after = ["affine-network.service"];
systemd.services.docker-affine-migration.requires = ["affine-network.service"]; # systemd.services.docker-affine-migration.requires = ["affine-network.service"];
}; };
} }
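Review bot: With `systemd.services.affine-network` and every `after`/`requires` line commented out in the last hunk, nothing visible in this diff creates `affine-net`, while the containers now attach to it through `networks = ["affine-net"];`. As far as I know the oci-containers `networks` option only passes the name to the container runtime and does not create the network, so on a host where it does not already exist the containers would fail to start; please confirm it is created somewhere else. If it is, delete the commented block rather than keeping it (the doubly commented `# # ExecStart` and `# # ExecStop` lines read like an unfinished experiment) and change `# Create the Docker network` to a comment that names where the network comes from.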


@@ -6,6 +6,8 @@
port = 6167; port = 6167;
base_domain = "darksailor.dev"; base_domain = "darksailor.dev";
client_id = "tuwunel"; client_id = "tuwunel";
rtc_domain = "matrix-rtc.${base_domain}";
jwt_port = 8081;
elementConfig = builtins.toJSON { elementConfig = builtins.toJSON {
default_server_config = { default_server_config = {
"m.homeserver" = { "m.homeserver" = {
@@ -32,6 +34,11 @@ in {
mode = "0440"; mode = "0440";
}; };
secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user; secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user;
secrets."livekit/key_name" = {};
secrets."livekit/key_secret" = {};
templates."livekit-keys".content = ''
${config.sops.placeholder."livekit/key_name"}: ${config.sops.placeholder."livekit/key_secret"}
'';
}; };
services.matrix-tuwunel = { services.matrix-tuwunel = {
enable = true; enable = true;
@@ -56,6 +63,12 @@ in {
well_known = { well_known = {
client = "https://matrix.${base_domain}"; client = "https://matrix.${base_domain}";
server = "matrix.${base_domain}:443"; server = "matrix.${base_domain}:443";
rtc_transports = [
{
type = "livekit";
livekit_service_url = "https://${rtc_domain}";
}
];
}; };
}; };
package = pkgs.matrix-tuwunel; package = pkgs.matrix-tuwunel;
@@ -73,14 +86,63 @@ in {
"${base_domain}".extraConfig = '' "${base_domain}".extraConfig = ''
reverse_proxy /.well-known/* localhost:${toString port} reverse_proxy /.well-known/* localhost:${toString port}
''; '';
# "matrix.${base_domain}:8448".extraConfig = '' "${rtc_domain}".extraConfig = ''
# reverse_proxy /_matrix/* localhost:${toString port} @jwt_service {
# ''; path /sfu/get* /healthz*
}
handle @jwt_service {
reverse_proxy localhost:${toString jwt_port}
}
handle {
reverse_proxy localhost:${toString config.services.livekit.settings.port} {
header_up Connection "upgrade"
header_up Upgrade {http.request.header.Upgrade}
}
}
'';
};
networking.firewall = {
allowedTCPPorts = [8448 7881];
allowedUDPPorts = [3478];
allowedUDPPortRanges = [
{
from = 50300;
to = 65535;
}
];
}; };
networking.firewall.allowedTCPPorts = [8448];
users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group]; users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];
services.livekit = {
enable = true;
keyFile = config.sops.templates."livekit-keys".path;
openFirewall = true;
settings = {
rtc = {
tcp_port = 7881;
port_range_start = 50100;
port_range_end = 50200;
use_external_ip = true;
enable_loopback_candidate = false;
};
turn = {
enabled = true;
udp_port = 3478;
relay_range_start = 50300;
relay_range_end = 65535;
domain = rtc_domain;
};
};
};
services.lk-jwt-service = {
enable = true;
port = jwt_port;
livekitUrl = "wss://${rtc_domain}";
keyFile = config.sops.templates."livekit-keys".path;
};
services = { services = {
authelia = { authelia = {
instances.darksailor = { instances.darksailor = {
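Review bot: `allowedUDPPortRanges` in the new `networking.firewall` block opens UDP 50300–65535 to match `turn.relay_range_start`/`relay_range_end`, and that range overlaps the default Linux ephemeral port range (32768–60999), so any local process that happens to bind a UDP socket there is exposed along with the relay. A relay range sized to the expected number of concurrent calls would be safer, with the firewall derived from the setting so the two cannot drift: `from = config.services.livekit.settings.turn.relay_range_start;` and `to = config.services.livekit.settings.turn.relay_range_end;`. `openFirewall = true` is set in addition to the hand-written ports, so it is worth checking which ports the livekit module opens on its own. If that includes the signalling port, it would be reachable without TLS alongside the Caddy proxy for `${rtc_domain}`.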