hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: some recomendations

Browse Source
This commit is contained in:
yukkop
2026-05-24 15:08:40 +00:00
parent bcf5ae5da7
commit ecabc0b6c2
3 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/module/generic/matrix-cluster.nix
View File

@@ -288,7 +288,6 @@ in {
cert = "${config.security.acme.certs.${realm}.directory}/full.pem"; cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
listening-ips = [ cfg.publicIp ]; listening-ips = [ cfg.publicIp ];
no-tcp-relay = true;
relay-ips = [ cfg.publicIp ]; relay-ips = [ cfg.publicIp ];
listening-port = 3478; listening-port = 3478;
tls-listening-port = 5349; tls-listening-port = 5349;
@@ -392,6 +391,12 @@ in {
networking.firewall = lib.mkIf (cfg.turnSecretFile != null) { networking.firewall = lib.mkIf (cfg.turnSecretFile != null) {
allowedUDPPorts = [ 3478 5349 ]; allowedUDPPorts = [ 3478 5349 ];
allowedTCPPorts = [ 3478 5349 ]; allowedTCPPorts = [ 3478 5349 ];
allowedTCPPortRanges = [
{
from = 49152;
to = 65535;
}
];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ {
from = 49152; from = 49152;

19
nixos/module/hectic/service/element-rtc.nix
View File

@@ -80,11 +80,30 @@ in {
}' ''; }' '';
}; };
locations."= /livekit/jwt" = {
priority = 500;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
};
locations."^~ /livekit/jwt/" = { locations."^~ /livekit/jwt/" = {
priority = 400; priority = 400;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/"; proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
}; };
locations."= /livekit/sfu" = {
priority = 500;
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
proxyWebsockets = true;
extraConfig = ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
locations."^~ /livekit/sfu/" = { locations."^~ /livekit/sfu/" = {
priority = 400; priority = 400;
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/"; proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";

2
nixos/module/hectic/service/element.nix
View File

@@ -22,6 +22,8 @@ in {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."= /config.element.${matrixDomain}.json".return = "302 /config.json";
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = { default_server_config = {