fix: some recomendations

2026-05-24 15:08:40 +00:00
parent bcf5ae5da7
commit ecabc0b6c2
3 changed files with 27 additions and 1 deletions
--- a/nixos/module/generic/matrix-cluster.nix
+++ b/nixos/module/generic/matrix-cluster.nix
@@ -288,7 +288,6 @@ in {
        cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
        pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
        listening-ips = [ cfg.publicIp ];
-        no-tcp-relay = true;
        relay-ips = [ cfg.publicIp ];
        listening-port = 3478;
        tls-listening-port = 5349;
@@ -392,6 +391,12 @@ in {
      networking.firewall = lib.mkIf (cfg.turnSecretFile != null) {
        allowedUDPPorts = [ 3478 5349 ];
        allowedTCPPorts = [ 3478 5349 ];
+        allowedTCPPortRanges = [
+          {
+            from = 49152;
+            to = 65535;
+          }
+        ];
        allowedUDPPortRanges = [
          {
            from = 49152;
--- a/nixos/module/hectic/service/element-rtc.nix
+++ b/nixos/module/hectic/service/element-rtc.nix
@@ -80,11 +80,30 @@ in {
          }' '';
        };

+        locations."= /livekit/jwt" = {
+          priority = 500;
+          proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
+        };
+
        locations."^~ /livekit/jwt/" = {
          priority = 400;
          proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
        };

+        locations."= /livekit/sfu" = {
+          priority = 500;
+          proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_send_timeout 120;
+            proxy_read_timeout 120;
+            proxy_buffering off;
+            proxy_set_header Accept-Encoding gzip;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          '';
+        };
+
        locations."^~ /livekit/sfu/" = {
          priority = 400;
          proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
--- a/nixos/module/hectic/service/element.nix
+++ b/nixos/module/hectic/service/element.nix
@@ -22,6 +22,8 @@ in {
      enableACME = true;
      forceSSL = true;

+      locations."= /config.element.${matrixDomain}.json".return = "302 /config.json";
+
      root = pkgs.element-web.override {
        conf = {
          default_server_config = {