Compare commits
7 Commits
02b8a16f41
...
matrix-rtc
| Author | SHA1 | Date | |
|---|---|---|---|
| 1ac96316ea | |||
| 8d636ce194 | |||
| bbeed99f43 | |||
| 7e6ece1b0d | |||
| 60952a0e7f | |||
| 738013df66 | |||
| 34160d0de4 |
@@ -31,9 +31,6 @@
|
|||||||
port = 465;
|
port = 465;
|
||||||
tls.enable = true;
|
tls.enable = true;
|
||||||
};
|
};
|
||||||
imapnotify = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"];
|
passwordCommand = ["cat" "${config.sops.secrets."accounts/mail/fastmail".path}"];
|
||||||
mbsync = {
|
mbsync = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -63,8 +60,6 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
programs.mbsync.enable = true;
|
|
||||||
services.mbsync.enable = pkgs.stdenv.isLinux;
|
|
||||||
# accounts.email.accounts.<name>.mbsync.create
|
# accounts.email.accounts.<name>.mbsync.create
|
||||||
# services.mbsync.enable = true;
|
# services.mbsync.enable = true;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -82,5 +82,6 @@
|
|||||||
./yazi.nix
|
./yazi.nix
|
||||||
./yt-dlp.nix
|
./yt-dlp.nix
|
||||||
./zoxide.nix
|
./zoxide.nix
|
||||||
|
./yq.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,4 +1,9 @@
|
|||||||
{pkgs, ...}: {
|
{pkgs, ...}: let
|
||||||
|
theme = builtins.fetchurl {
|
||||||
|
url = "https://raw.githubusercontent.com/catppuccin/neomutt/refs/heads/main/neomuttrc";
|
||||||
|
sha256 = "sha256:1q086p5maqwxa4gh6z8g7h3nfavdmkbql025ibdhglpz46hsq0hs";
|
||||||
|
};
|
||||||
|
in {
|
||||||
programs.neomutt = {
|
programs.neomutt = {
|
||||||
enable = true;
|
enable = true;
|
||||||
vimKeys = true;
|
vimKeys = true;
|
||||||
@@ -6,6 +11,9 @@
|
|||||||
sidebar = {
|
sidebar = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
source ${theme}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
programs.notmuch = {
|
programs.notmuch = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -17,4 +25,38 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
neomutt.enable = true;
|
neomutt.enable = true;
|
||||||
};
|
};
|
||||||
|
services.imapnotify = {
|
||||||
|
enable = true;
|
||||||
|
path = [pkgs.coreutils pkgs.isync pkgs.libnotify];
|
||||||
|
};
|
||||||
|
accounts.email.accounts.fastmail.imapnotify = {
|
||||||
|
enable = true;
|
||||||
|
boxes = ["Inbox"];
|
||||||
|
onNotify = "${pkgs.writeShellScript "mbsync-notify" ''
|
||||||
|
${pkgs.isync}/bin/mbsync $1
|
||||||
|
${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
|
||||||
|
''} %s";
|
||||||
|
};
|
||||||
|
programs.mbsync.enable = true;
|
||||||
|
services.mbsync.enable = pkgs.stdenv.isLinux;
|
||||||
|
|
||||||
|
# launchd.agents.mbsync = {
|
||||||
|
# enable = true;
|
||||||
|
# config = {
|
||||||
|
# # A label for the service
|
||||||
|
# Label = "dev.darksailor.atuin-daemon";
|
||||||
|
# # The command to run
|
||||||
|
# ProgramArguments = [
|
||||||
|
# "${pkgs.atuin}/bin/atuin"
|
||||||
|
# "daemon"
|
||||||
|
# ];
|
||||||
|
# # Run the service when you log in
|
||||||
|
# RunAtLoad = true;
|
||||||
|
# # Keep the process alive, or restart if it dies
|
||||||
|
# KeepAlive = true;
|
||||||
|
# # Log files
|
||||||
|
# StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
|
||||||
|
# StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
|
||||||
|
# };
|
||||||
|
# };
|
||||||
}
|
}
|
||||||
|
|||||||
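Review bot: The `theme` fetch at the top of the file takes its URL from `refs/heads/main`, a moving branch, so the pinned `sha256` stops matching as soon as upstream changes the file, and the hash then gets refreshed with no record of which revision was reviewed. That matters here because the file is passed to `source` in `extraConfig`, and a neomuttrc can run shell commands through backtick expansion. Pinning the path to a commit keeps URL and hash in step, e.g. `url = "https://raw.githubusercontent.com/catppuccin/neomutt/<COMMIT_SHA>/neomuttrc";`, where `<COMMIT_SHA>` is a placeholder for the revision you audited. Separately, `$1` is unquoted in both commands of the `mbsync-notify` script; `"$1"` avoids word splitting if a mailbox name ever contains spaces.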
1
home/programs/yq.nix
Normal file
1
home/programs/yq.nix
Normal file
@@ -0,0 +1 @@
|
|||||||
|
{pkgs, ...}: {home.packages = [pkgs.yq];}
|
||||||
@@ -67,12 +67,12 @@ in {
|
|||||||
};
|
};
|
||||||
environmentFiles = cfg.environmentFiles;
|
environmentFiles = cfg.environmentFiles;
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=affine-net"
|
|
||||||
"--health-cmd=pg_isready -U ${dbUser} -d ${dbName}"
|
"--health-cmd=pg_isready -U ${dbUser} -d ${dbName}"
|
||||||
"--health-interval=10s"
|
"--health-interval=10s"
|
||||||
"--health-timeout=5s"
|
"--health-timeout=5s"
|
||||||
"--health-retries=5"
|
"--health-retries=5"
|
||||||
];
|
];
|
||||||
|
networks = ["affine-net"];
|
||||||
};
|
};
|
||||||
|
|
||||||
affine-redis = {
|
affine-redis = {
|
||||||
@@ -80,8 +80,8 @@ in {
|
|||||||
volumes = [
|
volumes = [
|
||||||
"${cfg.dataDir}/redis:/data"
|
"${cfg.dataDir}/redis:/data"
|
||||||
];
|
];
|
||||||
|
networks = ["affine-net"];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=affine-net"
|
|
||||||
"--health-cmd=redis-cli --raw incr ping"
|
"--health-cmd=redis-cli --raw incr ping"
|
||||||
"--health-interval=10s"
|
"--health-interval=10s"
|
||||||
"--health-timeout=5s"
|
"--health-timeout=5s"
|
||||||
@@ -111,9 +111,7 @@ in {
|
|||||||
AFFINE_INDEXER_ENABLED = "false";
|
AFFINE_INDEXER_ENABLED = "false";
|
||||||
};
|
};
|
||||||
environmentFiles = cfg.environmentFiles;
|
environmentFiles = cfg.environmentFiles;
|
||||||
extraOptions = [
|
networks = ["affine-net"];
|
||||||
"--network=affine-net"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
affine-migration = {
|
affine-migration = {
|
||||||
@@ -133,34 +131,32 @@ in {
|
|||||||
AFFINE_INDEXER_ENABLED = "false";
|
AFFINE_INDEXER_ENABLED = "false";
|
||||||
};
|
};
|
||||||
environmentFiles = cfg.environmentFiles;
|
environmentFiles = cfg.environmentFiles;
|
||||||
extraOptions = [
|
networks = ["affine-net"];
|
||||||
"--network=affine-net"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Create the Docker network
|
# Create the Docker network
|
||||||
systemd.services.affine-network = {
|
# systemd.services.affine-network = {
|
||||||
description = "Create AFFiNE Docker network";
|
# description = "Create AFFiNE Docker network";
|
||||||
after = ["docker.service"];
|
# after = ["docker.service"];
|
||||||
wantedBy = ["multi-user.target"];
|
# wantedBy = ["multi-user.target"];
|
||||||
serviceConfig = {
|
# serviceConfig = {
|
||||||
Type = "oneshot";
|
# Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
# RemainAfterExit = true;
|
||||||
ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net";
|
# # ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net";
|
||||||
ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net";
|
# # ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net";
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
#
|
||||||
# Ensure containers start after the network is created
|
# Ensure containers start after the network is created
|
||||||
systemd.services.docker-affine.after = ["affine-network.service"];
|
# systemd.services.docker-affine.after = ["affine-network.service"];
|
||||||
systemd.services.docker-affine.requires = ["affine-network.service"];
|
# systemd.services.docker-affine.requires = ["affine-network.service"];
|
||||||
systemd.services.docker-affine-postgres.after = ["affine-network.service"];
|
# systemd.services.docker-affine-postgres.after = ["affine-network.service"];
|
||||||
systemd.services.docker-affine-postgres.requires = ["affine-network.service"];
|
# systemd.services.docker-affine-postgres.requires = ["affine-network.service"];
|
||||||
systemd.services.docker-affine-redis.after = ["affine-network.service"];
|
# systemd.services.docker-affine-redis.after = ["affine-network.service"];
|
||||||
systemd.services.docker-affine-redis.requires = ["affine-network.service"];
|
# systemd.services.docker-affine-redis.requires = ["affine-network.service"];
|
||||||
systemd.services.docker-affine-migration.after = ["affine-network.service"];
|
# systemd.services.docker-affine-migration.after = ["affine-network.service"];
|
||||||
systemd.services.docker-affine-migration.requires = ["affine-network.service"];
|
# systemd.services.docker-affine-migration.requires = ["affine-network.service"];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
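Review bot: With `systemd.services.affine-network` and the `after`/`requires` orderings commented out at the end of the file, nothing visible in this section creates `affine-net` any more, while four containers now list it in `networks`. If the `networks` option only attaches to an existing network (worth confirming for the nixpkgs version in use), the containers will fail to start on a fresh host. Either keep a unit that creates the network or delete the commented block outright; as written it leaves dead code under a live `# Create the Docker network` comment, with `# #` doubled on the `ExecStart` and `ExecStop` lines.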
@@ -6,6 +6,8 @@
|
|||||||
port = 6167;
|
port = 6167;
|
||||||
base_domain = "darksailor.dev";
|
base_domain = "darksailor.dev";
|
||||||
client_id = "tuwunel";
|
client_id = "tuwunel";
|
||||||
|
rtc_domain = "matrix-rtc.${base_domain}";
|
||||||
|
jwt_port = 8081;
|
||||||
elementConfig = builtins.toJSON {
|
elementConfig = builtins.toJSON {
|
||||||
default_server_config = {
|
default_server_config = {
|
||||||
"m.homeserver" = {
|
"m.homeserver" = {
|
||||||
@@ -32,6 +34,11 @@ in {
|
|||||||
mode = "0440";
|
mode = "0440";
|
||||||
};
|
};
|
||||||
secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user;
|
secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user;
|
||||||
|
secrets."livekit/key_name" = {};
|
||||||
|
secrets."livekit/key_secret" = {};
|
||||||
|
templates."livekit-keys".content = ''
|
||||||
|
${config.sops.placeholder."livekit/key_name"}: ${config.sops.placeholder."livekit/key_secret"}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
services.matrix-tuwunel = {
|
services.matrix-tuwunel = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -56,6 +63,12 @@ in {
|
|||||||
well_known = {
|
well_known = {
|
||||||
client = "https://matrix.${base_domain}";
|
client = "https://matrix.${base_domain}";
|
||||||
server = "matrix.${base_domain}:443";
|
server = "matrix.${base_domain}:443";
|
||||||
|
rtc_transports = [
|
||||||
|
{
|
||||||
|
type = "livekit";
|
||||||
|
livekit_service_url = "https://${rtc_domain}";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
package = pkgs.matrix-tuwunel;
|
package = pkgs.matrix-tuwunel;
|
||||||
@@ -73,14 +86,63 @@ in {
|
|||||||
"${base_domain}".extraConfig = ''
|
"${base_domain}".extraConfig = ''
|
||||||
reverse_proxy /.well-known/* localhost:${toString port}
|
reverse_proxy /.well-known/* localhost:${toString port}
|
||||||
'';
|
'';
|
||||||
# "matrix.${base_domain}:8448".extraConfig = ''
|
"${rtc_domain}".extraConfig = ''
|
||||||
# reverse_proxy /_matrix/* localhost:${toString port}
|
@jwt_service {
|
||||||
# '';
|
path /sfu/get* /healthz*
|
||||||
|
}
|
||||||
|
handle @jwt_service {
|
||||||
|
reverse_proxy localhost:${toString jwt_port}
|
||||||
|
}
|
||||||
|
handle {
|
||||||
|
reverse_proxy localhost:${toString config.services.livekit.settings.port} {
|
||||||
|
header_up Connection "upgrade"
|
||||||
|
header_up Upgrade {http.request.header.Upgrade}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [8448 7881];
|
||||||
|
allowedUDPPorts = [3478];
|
||||||
|
allowedUDPPortRanges = [
|
||||||
|
{
|
||||||
|
from = 50300;
|
||||||
|
to = 65535;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [8448];
|
|
||||||
|
|
||||||
users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];
|
users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];
|
||||||
|
|
||||||
|
services.livekit = {
|
||||||
|
enable = true;
|
||||||
|
keyFile = config.sops.templates."livekit-keys".path;
|
||||||
|
openFirewall = true;
|
||||||
|
settings = {
|
||||||
|
rtc = {
|
||||||
|
tcp_port = 7881;
|
||||||
|
port_range_start = 50100;
|
||||||
|
port_range_end = 50200;
|
||||||
|
use_external_ip = true;
|
||||||
|
enable_loopback_candidate = false;
|
||||||
|
};
|
||||||
|
turn = {
|
||||||
|
enabled = true;
|
||||||
|
udp_port = 3478;
|
||||||
|
relay_range_start = 50300;
|
||||||
|
relay_range_end = 65535;
|
||||||
|
domain = rtc_domain;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.lk-jwt-service = {
|
||||||
|
enable = true;
|
||||||
|
port = jwt_port;
|
||||||
|
livekitUrl = "wss://${rtc_domain}";
|
||||||
|
keyFile = config.sops.templates."livekit-keys".path;
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
authelia = {
|
authelia = {
|
||||||
instances.darksailor = {
|
instances.darksailor = {
|
||||||
|
|||||||
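Review bot: The new `networking.firewall` block opens UDP 50300–65535 to match the TURN `relay_range_start`/`relay_range_end`, which is roughly fifteen thousand ports and overlaps the default Linux ephemeral range, so any other UDP socket the host binds there becomes reachable from outside. A relay window sized to the expected number of concurrent calls is enough; for example `relay_range_end = 50400;` with `to = 50400;` in `allowedUDPPortRanges` (values constructed for illustration). Defining the bounds once in the `let` block next to `jwt_port` would keep the LiveKit setting and the firewall rule from drifting apart. The `livekit-keys` template is also declared without `owner` or `mode`, so it is worth confirming that both `services.livekit` and `services.lk-jwt-service` can read it under the defaults.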