From 9a5bfa3f8067ef18ed7510c0790ec3e8f200f2e8 Mon Sep 17 00:00:00 2001
From: yukkop
Date: Fri, 5 Dec 2025 19:36:53 +0000
Subject: [PATCH] feate(nixos) `bfs`: matrix, element, bla bla bla
---
 nixos/system/bfs/bfs.nix | 2 +-
 nixos/system/bfs/element-rtc.nix | 38 +++++++++++++++++---------------
 nixos/system/bfs/element.nix | 22 ++++++++++++++++++
 nixos/system/bfs/voice-tune.nix | 3 +++
 4 files changed, 46 insertions(+), 19 deletions(-)
 create mode 100644 nixos/system/bfs/element.nix
diff --git a/nixos/system/bfs/bfs.nix b/nixos/system/bfs/bfs.nix
index c7f660b..d03af41 100644
--- a/nixos/system/bfs/bfs.nix
+++ b/nixos/system/bfs/bfs.nix
@@ -10,7 +10,6 @@
 ...
 }: let
 xrayPort = 10086;
- matrixDomain = "accord.tube";
 in {
 # TODO:
 # white list
@@ -24,6 +23,7 @@ in {
 ./voice-tune.nix
 ./matrix.nix
 ./element-rtc.nix
+ ./element.nix
 ];
 currentServer = {
diff --git a/nixos/system/bfs/element-rtc.nix b/nixos/system/bfs/element-rtc.nix
index 4f0618d..742a718 100644
--- a/nixos/system/bfs/element-rtc.nix
+++ b/nixos/system/bfs/element-rtc.nix
@@ -46,23 +46,23 @@ in {
 default_type application/json;
 add_header Access-Control-Allow-Origin *;
 '';
- return = "200 '{\
- \"m.homeserver\": {\
- \"base_url\": \"https://${cfg.matrixDomain}\"\
- },\
- \"m.identity_server\": {\
- \"base_url\": \"https://vector.im\"\
- },\
- \"org.matrix.msc3575.proxy\": {\
- \"url\": \"https://${cfg.matrixDomain}\"\
- },\
- \"org.matrix.msc4143.rtc_foci\": [\
- {\
- \"type\": \"livekit\",\
- \"livekit_service_url\": \"https://${cfg.matrixDomain}/livekit/jwt\"\
- }\
- ]\
- }'";
+ return = ''200 '{
+ "m.homeserver": {
+ "base_url": "https://${cfg.matrixDomain}"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ },
+ "org.matrix.msc3575.proxy": {
+ "url": "https://${cfg.matrixDomain}"
+ },
+ "org.matrix.msc4143.rtc_foci": [
+ {
+ "type": "livekit",
+ "livekit_service_url": "https://${cfg.matrixDomain}/livekit/jwt"
+ }
+ ]
+ }' '';
 };
 locations."^~ /livekit/jwt/" = {
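Review bot: The discovery document in the `return` of element-rtc.nix is still hand-assembled JSON with `${cfg.matrixDomain}` spliced in unescaped, so a stray quote or a missed comma silently serves malformed JSON to every client. The new closing `}' ''` is also fragile, because it only terminates the string thanks to the space (`'''` is an escape inside an indented string). Building the body from an attribute set with `builtins.toJSON` removes both hazards and keeps the document in one reviewable structure. The value must still contain no `'` or `$`, since nginx interprets those inside the quoted `return` text. The enclosing location block starts and ends outside this hunk.

```nix
# … unchanged: extraConfig with default_type / add_header …
return = let
  wellKnownClient = builtins.toJSON {
    "m.homeserver".base_url = "https://${cfg.matrixDomain}";
    "m.identity_server".base_url = "https://vector.im";
    "org.matrix.msc3575.proxy".url = "https://${cfg.matrixDomain}";
    "org.matrix.msc4143.rtc_foci" = [
      {
        type = "livekit";
        livekit_service_url = "https://${cfg.matrixDomain}/livekit/jwt";
      }
    ];
  };
in "200 '${wellKnownClient}'";
```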
@@ -89,7 +89,9 @@ in {
 networking.firewall = {
 enable = true;
 allowedTCPPorts = [
- 8448
+ 8080
+ 7880
+ 7881
 ];
 };
 };
diff --git a/nixos/system/bfs/element.nix b/nixos/system/bfs/element.nix
new file mode 100644
index 0000000..cdcf438
--- /dev/null
+++ b/nixos/system/bfs/element.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }: let
+ cfg = config.currentServer.matrix;
+in {
+ config = {
+ services.nginx.virtualHosts."element.${cfg.matrixDomain}" = {
+ enableACME = true;
+ forceSSL = true;
+
+ root = pkgs.element-web.override {
+ conf = {
+ default_server_config = {
+ "m.homeserver".base_url = "https://${cfg.matrixDomain}";
+ "m.identity_server".base_url = "https://vector.im";
+ };
+
+ default_theme = "dark";
+ show_labs_settings = true;
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/system/bfs/voice-tune.nix b/nixos/system/bfs/voice-tune.nix
index 766f530..d942b24 100644
--- a/nixos/system/bfs/voice-tune.nix
+++ b/nixos/system/bfs/voice-tune.nix
@@ -17,6 +17,9 @@ in {
 allowedUDPPortRanges = [
 { from = 49152; to = 65535; }
 ];
+ allowedTCPPortRanges = [
+ { from = 50000; to = 51000; }
+ ];
 };
 services.matrix-synapse.settings = {
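Review bot: In the element-rtc.nix firewall hunk, the new `allowedTCPPorts` entries `8080` and `7880` look like backend listeners that nginx already fronts (the same file proxies `/livekit/jwt/`). Opening them would expose those services directly, without TLS or any nginx-side controls. I am inferring the port roles from common LiveKit and JWT-service defaults, since the listeners themselves are not in this hunk. If that reading is right, bind those services to `127.0.0.1` and publish only the media fallback port, `allowedTCPPorts = [ 7881 ];`, with a comment naming each port's consumer. The hunk also drops `8448`, so confirm that federation is reachable some other way (for example delegation to 443) before merging.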
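Review bot: The new `element.${cfg.matrixDomain}` vhost in element.nix serves Element Web without the response headers its upstream deployment notes ask for, so the client can be framed by other origins and relies on browser MIME sniffing defaults. Add an `extraConfig` with `X-Frame-Options`, `X-Content-Type-Options` and a `frame-ancestors` CSP next to `forceSSL`, as sketched below. Separately, `"m.identity_server".base_url = "https://vector.im"` points users at a third-party identity service. If contact and 3PID lookups against an external operator are not intended, drop that entry here and in the well-known document.

```nix
forceSSL = true;
# Clickjacking / MIME-sniffing hardening for the web client
extraConfig = ''
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  add_header Content-Security-Policy "frame-ancestors 'self'";
'';
# … unchanged: root = pkgs.element-web.override { … } …
```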
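Review bot: In voice-tune.nix, `allowedTCPPortRanges = [ { from = 50000; to = 51000; } ]` opens 1001 TCP ports with nothing in the hunk saying which service listens there, and it does not line up with the existing UDP range 49152–65535 just above it. Please derive the range from the option that actually allocates these ports rather than from literals, and add a comment such as `# TCP media/relay candidates for <service>` (placeholder; name the real consumer). If nothing binds TCP in that range, the rule should be dropped so the firewall only admits ports with a known listener. The enclosing firewall block starts outside the hunk.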