diff --git a/home/accounts/fastmail.nix b/home/accounts/fastmail.nix
index 42aef59c..64460a18 100644
--- a/home/accounts/fastmail.nix
+++ b/home/accounts/fastmail.nix
@@ -60,8 +60,6 @@
 };
 };
 };
- programs.mbsync.enable = true;
- services.mbsync.enable = pkgs.stdenv.isLinux;
 # accounts.email.accounts..mbsync.create
 # services.mbsync.enable = true;
 }
diff --git a/home/programs/default.nix b/home/programs/default.nix
index 82b461e1..37c148be 100644
--- a/home/programs/default.nix
+++ b/home/programs/default.nix
@@ -82,5 +82,6 @@
 ./yazi.nix
 ./yt-dlp.nix
 ./zoxide.nix
+ ./yq.nix
 ];
 }
diff --git a/home/programs/neomutt.nix b/home/programs/neomutt.nix
index e17455e7..ae5223c5 100644
--- a/home/programs/neomutt.nix
+++ b/home/programs/neomutt.nix
@@ -37,4 +37,26 @@ in {
 ${pkgs.libnotify}/bin/notify-send "New Mail" "New email in $1"
 ''} %s";
 };
+ programs.mbsync.enable = true;
+ services.mbsync.enable = pkgs.stdenv.isLinux;
+
+ # launchd.agents.mbsync = {
+ # enable = true;
+ # config = {
+ # # A label for the service
+ # Label = "dev.darksailor.atuin-daemon";
+ # # The command to run
+ # ProgramArguments = [
+ # "${pkgs.atuin}/bin/atuin"
+ # "daemon"
+ # ];
+ # # Run the service when you log in
+ # RunAtLoad = true;
+ # # Keep the process alive, or restart if it dies
+ # KeepAlive = true;
+ # # Log files
+ # StandardOutPath = "${device.home}/Library/Logs/atuin-daemon.log";
+ # StandardErrorPath = "${device.home}/Library/Logs/atuin-daemon.error.log";
+ # };
+ # };
 }
diff --git a/home/programs/yq.nix b/home/programs/yq.nix
new file mode 100644
index 00000000..30f7e1ed
--- /dev/null
+++ b/home/programs/yq.nix
@@ -0,0 +1 @@
+{pkgs, ...}: {home.packages = [pkgs.yq];}
diff --git a/modules/nixos/affine.nix b/modules/nixos/affine.nix
index 7125cd07..6726c69b 100644
--- a/modules/nixos/affine.nix
+++ b/modules/nixos/affine.nix
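Review bot: `./yq.nix` is appended after `./zoxide.nix`, which breaks the alphabetical order the surrounding entries (`./yazi.nix`, `./yt-dlp.nix`, `./zoxide.nix`) follow. Place it between `./yazi.nix` and `./yt-dlp.nix` so the import list stays sorted and later additions to it merge cleanly. The list itself starts outside the hunk.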
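Review bot: The commented-out `launchd.agents.mbsync` block added at the end of the neomutt.nix hunk is an unadapted copy of an atuin agent: its `Label` is `dev.darksailor.atuin-daemon`, its `ProgramArguments` run `${pkgs.atuin}/bin/atuin daemon`, its log paths are named after atuin, and it references `device.home`, whose binding is not visible in the hunk. As written it documents nothing about mbsync and will mislead the next reader, so either drop it (history is in git) or reduce it to a one-line reminder such as `# TODO: launchd agent so services.mbsync has a darwin counterpart`. That reminder matters because `services.mbsync.enable = pkgs.stdenv.isLinux;` leaves darwin with mbsync configured but never run on a schedule, which is presumably what the stub was meant to address. The enclosing module body starts outside the hunk.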
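Review bot: In nixpkgs, `pkgs.yq` is the Python yq (a jq wrapper for YAML/XML/TOML), while the Go yq by mikefarah is packaged as `pkgs.yq-go`; the two take different command-line syntax, so a script written for one fails or misbehaves with the other. Confirm which tool the rest of the configuration expects and, if it is the Go one, change the new file to `{pkgs, ...}: {home.packages = [pkgs.yq-go];}`.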
@@ -67,12 +67,12 @@ in { }; environmentFiles = cfg.environmentFiles; extraOptions = [ - "--network=affine-net" "--health-cmd=pg_isready -U ${dbUser} -d ${dbName}" "--health-interval=10s" "--health-timeout=5s" "--health-retries=5" ]; + networks = ["affine-net"]; }; affine-redis = { @@ -80,8 +80,8 @@ in { volumes = [ "${cfg.dataDir}/redis:/data" ]; + networks = ["affine-net"]; extraOptions = [ - "--network=affine-net" "--health-cmd=redis-cli --raw incr ping" "--health-interval=10s" "--health-timeout=5s" @@ -111,9 +111,7 @@ in { AFFINE_INDEXER_ENABLED = "false"; }; environmentFiles = cfg.environmentFiles; - extraOptions = [ - "--network=affine-net" - ]; + networks = ["affine-net"]; }; affine-migration = { 
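Review bot: The new `networks = ["affine-net"];` attribute is placed after `extraOptions` in the affine-postgres hunk but before it in the affine-redis hunk, and the affine and affine-migration hunks place it where the removed `extraOptions` list was; pick one position and use it for all four containers so the definitions read uniformly. Moving `--network=affine-net` out of `extraOptions` into the module's `networks` option is otherwise the right direction, since the module can then reason about the network instead of an opaque flag. The affine-postgres container definition starts outside the first hunk.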
@@ -133,34 +131,32 @@ in { AFFINE_INDEXER_ENABLED = "false"; }; environmentFiles = cfg.environmentFiles; - extraOptions = [ - "--network=affine-net" - ]; + networks = ["affine-net"]; }; }; }; # Create the Docker network - systemd.services.affine-network = { - description = "Create AFFiNE Docker network"; - after = ["docker.service"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net"; - ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net"; - }; - }; - + # systemd.services.affine-network = { + # description = "Create AFFiNE Docker network"; + # after = ["docker.service"]; + # wantedBy = ["multi-user.target"]; + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + # # ExecStart = "${config.virtualisation.docker.package}/bin/docker network create affine-net"; + # # ExecStop = "${config.virtualisation.docker.package}/bin/docker network remove affine-net"; + # }; + # }; + # # Ensure containers start after the network is created - systemd.services.docker-affine.after = ["affine-network.service"]; - systemd.services.docker-affine.requires = ["affine-network.service"]; - systemd.services.docker-affine-postgres.after = ["affine-network.service"]; - systemd.services.docker-affine-postgres.requires = ["affine-network.service"]; - systemd.services.docker-affine-redis.after = ["affine-network.service"]; - systemd.services.docker-affine-redis.requires = ["affine-network.service"]; - systemd.services.docker-affine-migration.after = ["affine-network.service"]; - systemd.services.docker-affine-migration.requires = ["affine-network.service"]; + # systemd.services.docker-affine.after = ["affine-network.service"]; + # systemd.services.docker-affine.requires = ["affine-network.service"]; + # systemd.services.docker-affine-postgres.after = ["affine-network.service"]; + # 
systemd.services.docker-affine-postgres.requires = ["affine-network.service"]; + # systemd.services.docker-affine-redis.after = ["affine-network.service"]; + # systemd.services.docker-affine-redis.requires = ["affine-network.service"]; + # systemd.services.docker-affine-migration.after = ["affine-network.service"]; + # systemd.services.docker-affine-migration.requires = ["affine-network.service"]; }; } diff --git a/nixos/tako/services/matrix/tuwunel.nix b/nixos/tako/services/matrix/tuwunel.nix index 6d73164b..61681151 100644 --- a/nixos/tako/services/matrix/tuwunel.nix +++ b/nixos/tako/services/matrix/tuwunel.nix @@ -6,6 +6,8 @@ port = 6167; base_domain = "darksailor.dev"; client_id = "tuwunel"; + rtc_domain = "matrix-rtc.${base_domain}"; + jwt_port = 8081; elementConfig = builtins.toJSON { default_server_config = { "m.homeserver" = { @@ -32,6 +34,11 @@ in { mode = "0440"; }; secrets."tuwunel/registration_token".owner = config.services.matrix-tuwunel.user; + secrets."livekit/key_name" = {}; + secrets."livekit/key_secret" = {}; + templates."livekit-keys".content = '' + ${config.sops.placeholder."livekit/key_name"}: ${config.sops.placeholder."livekit/key_secret"} + ''; }; services.matrix-tuwunel = { enable = true; @@ -56,6 +63,12 @@ in { well_known = { client = "https://matrix.${base_domain}"; server = "matrix.${base_domain}:443"; + rtc_transports = [ + { + type = "livekit"; + livekit_service_url = "https://${rtc_domain}"; + } + ]; }; }; package = pkgs.matrix-tuwunel; 
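Review bot: With `systemd.services.affine-network` commented out, nothing visible in this file creates the `affine-net` Docker network any more, and the `after`/`requires` ordering of the four `docker-affine-*` units on it is gone as well; unless the oci-containers `networks` option creates the network and orders the container units for the docker backend (not visible here — confirm against the module before merging), containers will fail to start on a fresh host where the network was never created by hand. If the module does handle it, delete the dead block rather than keeping roughly thirty commented lines (history is in git) and drop the now-misleading `# Create the Docker network` and `# Ensure containers start after the network is created` comments; if it does not, restore the service. The double-commented `# # ExecStart` / `# # ExecStop` lines inside the block suggest the service was disabled in two steps and was never meant to be kept in this form. The enclosing `config` block starts outside the hunk.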
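Review bot: `templates."livekit-keys"` in the tuwunel.nix sops hunk is declared with only `content`, so the rendered key file keeps sops-nix's defaults (root-owned, not readable by other users), and the two new `secrets."livekit/key_name"` / `secrets."livekit/key_secret"` entries likewise set no owner, whereas the `registration_token` secret a few lines up does set `owner`. Whether livekit and lk-jwt-service can read the template then depends on how their NixOS units load `keyFile` (a credential-style read performed as root would be fine; a direct open by a service user would not) — confirm this, and if the services read the file themselves, set `templates."livekit-keys".owner`/`group`/`mode` explicitly next to `content`. Keeping the key and secret in one template is reasonable; the point is only that nothing here states who may read the result.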
@@ -73,14 +86,63 @@ in { "${base_domain}".extraConfig = '' reverse_proxy /.well-known/* localhost:${toString port} ''; - # "matrix.${base_domain}:8448".extraConfig = '' - # reverse_proxy /_matrix/* localhost:${toString port} - # ''; + "${rtc_domain}".extraConfig = '' + @jwt_service { + path /sfu/get* /healthz* + } + handle @jwt_service { + reverse_proxy localhost:${toString jwt_port} + } + handle { + reverse_proxy localhost:${toString config.services.livekit.settings.port} { + header_up Connection "upgrade" + header_up Upgrade {http.request.header.Upgrade} + } + } + ''; + }; + networking.firewall = { + allowedTCPPorts = [8448 7881]; + allowedUDPPorts = [3478]; + allowedUDPPortRanges = [ + { + from = 50300; + to = 65535; + } + ]; }; - networking.firewall.allowedTCPPorts = [8448]; users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group]; + services.livekit = { + enable = true; + keyFile = config.sops.templates."livekit-keys".path; + openFirewall = true; + settings = { + rtc = { + tcp_port = 7881; + port_range_start = 50100; + port_range_end = 50200; + use_external_ip = true; + enable_loopback_candidate = false; + }; + turn = { + enabled = true; + udp_port = 3478; + relay_range_start = 50300; + relay_range_end = 65535; + domain = rtc_domain; + }; + }; + }; + + services.lk-jwt-service = { + enable = true; + port = jwt_port; + livekitUrl = "wss://${rtc_domain}"; + keyFile = config.sops.templates."livekit-keys".path; + }; + services = { authelia = { instances.darksailor = {
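Review bot: The livekit firewall is now declared twice: `services.livekit.openFirewall = true;` and the hand-written `networking.firewall` block both open ports for the same service, and the latter repeats literals (`7881` also appears as `rtc.tcp_port`, `3478` as `turn.udp_port`, `50300`/`65535` as `turn.relay_range_start`/`relay_range_end`) that will silently diverge from `settings` on the next edit. Either rely on `openFirewall` alone if it covers the TURN ports (what the module opens is not visible here — check it), or derive the firewall entries from the settings, e.g. `allowedTCPPorts = [8448 config.services.livekit.settings.rtc.tcp_port];` and `allowedUDPPorts = [config.services.livekit.settings.turn.udp_port];` with the UDP range built from the two `relay_range_*` values, so one place defines the exposed surface. In the `${rtc_domain}` Caddy site, the `header_up Connection "upgrade"` / `header_up Upgrade {http.request.header.Upgrade}` pair inside the livekit `reverse_proxy` is most likely unnecessary, since Caddy's reverse_proxy passes WebSocket upgrades through on its own, and forcing `Connection: upgrade` onto plain HTTP requests that reach the same backend is at best noise; drop the two lines unless a failure without them has been observed. The `services` attribute set at the end of the hunk continues outside it.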