Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #314 from naturallaw777/copilot/fix-livekit-service-permissions

Browse Source 
fix: deliver LiveKit config via LoadCredential to resolve DynamicUser permission denied
This commit is contained in:
Sovran Systems
2026-06-23 21:04:51 -05:00
committed by GitHub
parent 5041e5202f 302eb43233
commit 81e34a4adb
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/element-calling.nix
+3 -2
View File
@@ -144,7 +144,7 @@ turn:
key_file: /run/credentials/livekit.service/turn-key key_file: /run/credentials/livekit.service/turn-key
EOF EOF
chmod 640 /run/livekit/livekit.yaml chmod 644 /run/livekit/livekit.yaml
''; '';
}; };
@@ -174,10 +174,11 @@ EOF
# weakening it. Everything else about the standard unit is left intact. # weakening it. Everything else about the standard unit is left intact.
systemd.services.livekit.serviceConfig.ExecStart = lib.mkForce [ systemd.services.livekit.serviceConfig.ExecStart = lib.mkForce [
"" ""
"${pkgs.livekit}/bin/livekit-server --config /run/livekit/livekit.yaml --key-file /run/credentials/livekit.service/livekit-secrets" "${pkgs.livekit}/bin/livekit-server --config /run/credentials/livekit.service/livekit-config --key-file /run/credentials/livekit.service/livekit-secrets"
]; ];
systemd.services.livekit.serviceConfig.LoadCredential = [ systemd.services.livekit.serviceConfig.LoadCredential = [
"livekit-config:/run/livekit/livekit.yaml"
"livekit-secrets:${livekitKeyFile}" "livekit-secrets:${livekitKeyFile}"
"turn-cert:/var/lib/livekit/turn.crt" "turn-cert:/var/lib/livekit/turn.crt"
"turn-key:/var/lib/livekit/turn.key" "turn-key:/var/lib/livekit/turn.key"