servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: servius:34160d0de4c9f8d4a34b28117172a8fdfc6b098c
Branches Tags
servius:master servius:matrix-rtc
..
compare: servius:7e6ece1b0d49e3d2679705d3ac7a64c4e582cc61
Branches Tags
servius:master servius:matrix-rtc

3 Commits
34160d0de4 ... 7e6ece1b0d

Author SHA1 Message Date
servius
7e6ece1b0d feat(matrix): add LiveKit support with firewall and systemd services 2026-02-23 15:49:50 +05:30
servius
60952a0e7f feat(programs): add yq package to home programs 2026-02-23 14:43:49 +05:30
servius
738013df66 refactor: update mbsync settings for Fastmail and Neomutt 2026-02-22 15:32:38 +05:30
5 changed files with 138 additions and 3 deletions
Expand all files Collapse all files

2
home/accounts/fastmail.nix
View File

@@ -60,8 +60,6 @@
};
};
};
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# accounts.email.accounts.<name>.mbsync.create
# services.mbsync.enable = true;
}

1
home/programs/default.nix
View File

@@ -82,5 +82,6 @@
./yazi.nix
./yt-dlp.nix
./zoxide.nix
./yq.nix
];
}

22
home/programs/neomutt.nix
View File

@@ -37,4 +37,26 @@ in {
${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
''} %s";
};
programs.mbsync.enable = true;
services.mbsync.enable = pkgs.stdenv.isLinux;
# launchd.agents.mbsync = {
# enable = true;
# config = {
# # A label for the service
# Label = "dev.darksailor.atuin-daemon";
# # The command to run
# ProgramArguments = [
# "${pkgs.atuin}/bin/atuin"
# "daemon"
# ];
# # Run the service when you log in
# RunAtLoad = true;
# # Keep the process alive, or restart if it dies
# KeepAlive = true;
# # Log files
# StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
# StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
# };
# };
}

1
home/programs/yq.nix Normal file
View File

@@ -0,0 +1 @@
{pkgs, ...}: {home.packages = [pkgs.yq];}

115
nixos/tako/services/matrix/tuwunel.nix
View File

@@ -1,11 +1,21 @@
{
config,
pkgs,
lib,
...
}: let
port = 6167;
base_domain = "darksailor.dev";
client_id = "tuwunel";
rtc_domain = "matrix-rtc.${base_domain}";
livekit_port = 7880;
livekit_rtc_tcp_port = 7881;
livekit_rtc_port_start = 50100;
livekit_rtc_port_end = 50200;
livekit_turn_udp_port = 3478;
livekit_turn_relay_start = 50300;
livekit_turn_relay_end = 65535;
jwt_port = 8081;
elementConfig = builtins.toJSON {
default_server_config = {
"m.homeserver" = {
@@ -19,6 +29,25 @@
};
};
elementConfigFile = pkgs.writeText "element-config.json" elementConfig;
livekitConfigTemplate = pkgs.writeText "livekit.yaml.template" ''
port: ${toString livekit_port}
bind_addresses:
- ""
rtc:
tcp_port: ${toString livekit_rtc_tcp_port}
port_range_start: ${toString livekit_rtc_port_start}
port_range_end: ${toString livekit_rtc_port_end}
use_external_ip: true
enable_loopback_candidate: false
keys:
LIVEKIT_KEY_PLACEHOLDER: LIVEKIT_SECRET_PLACEHOLDER
turn:
enabled: true
udp_port: ${toString livekit_turn_udp_port}
relay_range_start: ${toString livekit_turn_relay_start}
relay_range_end: ${toString livekit_turn_relay_end}
domain: ${rtc_domain}
'';
in {
sops = {
secrets."tuwunel/client_id" = {
@@ -32,6 +61,8 @@ in {
mode = "0440";
};
secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user;
secrets."livekit/key_name" = {};
secrets."livekit/key_secret" = {};
};
services.matrix-tuwunel = {
enable = true;
@@ -56,6 +87,12 @@ in {
well_known = {
client = "https://matrix.${base_domain}";
server = "matrix.${base_domain}:443";
rtc_transports = [
{
type = "livekit";
livekit_service_url = "https://${rtc_domain}";
}
];
};
};
package = pkgs.matrix-tuwunel;
@@ -76,11 +113,87 @@ in {
# "matrix.${base_domain}:8448".extraConfig = ''
# reverse_proxy /_matrix/* localhost:${toString port}
# '';
"${rtc_domain}".extraConfig = ''
@jwt_service {
path /sfu/get* /healthz*
}
handle @jwt_service {
reverse_proxy localhost:${toString jwt_port}
}
handle {
reverse_proxy localhost:${toString livekit_port} {
header_up Connection "upgrade"
header_up Upgrade {http.request.header.Upgrade}
}
}
'';
};
networking.firewall = {
allowedTCPPorts = [8448 livekit_rtc_tcp_port];
allowedUDPPorts = [livekit_turn_udp_port];
allowedUDPPortRanges = [
{
from = livekit_rtc_port_start;
to = livekit_rtc_port_end;
}
{
from = livekit_turn_relay_start;
to = livekit_turn_relay_end;
}
];
};
networking.firewall.allowedTCPPorts = [8448];
users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];
# LiveKit server
systemd.services.livekit = {
description = "LiveKit SFU server";
after = ["network-online.target"];
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
DynamicUser = true;
StateDirectory = "livekit";
RuntimeDirectory = "livekit";
ExecStartPre = let
script = pkgs.writeShellScript "livekit-config" ''
KEY_NAME=$(cat ${config.sops.secrets."livekit/key_name".path})
KEY_SECRET=$(cat ${config.sops.secrets."livekit/key_secret".path})
${lib.getExe pkgs.gnused} \
-e "s|LIVEKIT_KEY_PLACEHOLDER|$KEY_NAME|g" \
-e "s|LIVEKIT_SECRET_PLACEHOLDER|$KEY_SECRET|g" \
${livekitConfigTemplate} > /run/livekit/livekit.yaml
'';
in "${script}";
ExecStart = "${lib.getExe pkgs.livekit} --config /run/livekit/livekit.yaml";
Restart = "on-failure";
RestartSec = 5;
AmbientCapabilities = ["CAP_NET_BIND_SERVICE"];
};
};
# LiveKit JWT service for MatrixRTC
systemd.services.lk-jwt-service = {
description = "LiveKit JWT service for MatrixRTC";
after = ["network-online.target" "livekit.service"];
wants = ["network-online.target"];
requires = ["livekit.service"];
wantedBy = ["multi-user.target"];
serviceConfig = {
DynamicUser = true;
ExecStart = "${lib.getExe pkgs.lk-jwt-service}";
Restart = "on-failure";
RestartSec = 5;
};
environment = {
LIVEKIT_JWT_BIND = ":${toString jwt_port}";
LIVEKIT_URL = "wss://${rtc_domain}";
LIVEKIT_KEY_FILE = config.sops.secrets."livekit/key_name".path;
LIVEKIT_SECRET_FILE = config.sops.secrets."livekit/key_secret".path;
LIVEKIT_FULL_ACCESS_HOMESERVERS = base_domain;
};
};
services = {
authelia = {
instances.darksailor = {