fixed syntax for elment-calling

2026-03-24 17:22:22 -05:00
parent f02f87d6f6
commit d3ddd85792
1 changed files with 63 additions and 95 deletions
--- a/modules/element-calling.nix
+++ b/modules/element-calling.nix
@@ -1,18 +1,17 @@
 { config, pkgs, lib, ... }:

 let
-
-personalization = import ./personalization.nix;
-
+  personalization = import ./personalization.nix;
 in

 lib.mkIf config.sovran_systemsOS.features.element-calling {

+  ####### SYSTEMD TMPFILES #######
  systemd.tmpfiles.rules = [
    "d /var/lib/domains/element-calling 0750 caddy php -"
  ];

-
+  ####### CADDY EXTRA CONFIG #######
  "${personalization.matrix_url}" = lib.mkForce {
    extraConfig = ''
      reverse_proxy /_matrix/* http://localhost:8008
@@ -21,12 +20,11 @@ lib.mkIf config.sovran_systemsOS.features.element-calling {
      header /.well-known/matrix/* Access-Control-Allow-Origin "*"
      header /.well-known/matrix/* Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
      header /.well-known/matrix/* Access-Control-Allow-Headers "X-Requested-With, Content-Type, Authorization"
-      respond /.well-known/matrix/client `{ "m.homeserver": {"base_url": "https://anarchyislove.xyz" }, "org.matrix.msc4143.rtc_foci": [{ "type":"livekit", "livekit_service_url":"https://${personalization.element-calling_url}/livekit/jwt" }] }`
+      respond /.well-known/matrix/client `{ "m.homeserver": {"base_url": "https://${personalization.matrix_url}" }, "org.matrix.msc4143.rtc_foci": [{ "type":"livekit", "livekit_service_url":"https://${personalization.element-calling_url}/livekit/jwt" }] }`
    '';
  };

-
-		"${personalization.element-calling_url}" = {
+  "${personalization.element-calling_url}" = lib.mkForce {
    extraConfig = ''
      handle /livekit/jwt/sfu/get {
        uri strip_prefix /livekit/jwt
@@ -37,22 +35,21 @@ lib.mkIf config.sovran_systemsOS.features.element-calling {
          header_up X-Forwarded-For {remote_host}
        }
      }
-				  
      handle {
        reverse_proxy localhost:7880
      }
    '';
  };

+  ####### LIVEKIT SERVICE #######
  services.livekit = {
    enable = true;
    openFirewall = true;
    settings = {
      rtc.use_external_ip = true;
      rtc.udp_port = "7882-7894";
-    room = {
-      auto_create = false;
-    };
+      room.auto_create = false;
+
      turn = {
        enabled = true;
        domain = "${personalization.matrix_url}";
@@ -65,12 +62,12 @@ lib.mkIf config.sovran_systemsOS.features.element-calling {
    keyFile = "/var/lib/livekit/livekit_keyFile";
  };

-  networking.firewall.allowedTCPPorts = [ 7881 ]; #Livekit TCP Port
-		
+  networking.firewall.allowedTCPPorts = [ 7881 ];
  networking.firewall.allowedUDPPortRanges = [
-	  { from=7882; to=7894; }
+    { from = 7882; to = 7894; }
  ];

+  ####### JWT SERVICE #######
  services.lk-jwt-service = {
    enable = true;
    port = 8073;
@@ -78,11 +75,10 @@ lib.mkIf config.sovran_systemsOS.features.element-calling {
    keyFile = "/var/lib/livekit/livekit_keyFile";
  };

+  ####### MATRIX-SYNAPSE SETTINGS #######
  services.matrix-synapse = {
-    settings = lib.mkForce {
-    
+    settings = {
      serve_server_wellknown = true;
-
      public_baseurl = "${personalization.matrix_url}";

      experimental_features = {
@@ -92,50 +88,29 @@ lib.mkIf config.sovran_systemsOS.features.element-calling {

      max_event_delay_duration = "24h";

-      rc_message = { 
-        per_second = 0.5;
-        burst_count = 30;
-      };
-
-      rc_delayed_event_mgmt = {
-        per_second = 1;
-        burst_count = 20;
-      };
+      rc_message = { per_second = 0.5; burst_count = 30; };
+      rc_delayed_event_mgmt = { per_second = 1; burst_count = 20; };

      push.include_content = false;
      server_name = personalization.matrix_url;
      url_preview_enabled = true;
-      max_upload_size = "1024M";
      group_unread_count_by_room = false;
      encryption_enabled_by_default_for_room_type = "invite";
      allow_profile_lookup_over_federation = false;
      allow_device_name_lookup_over_federation = false;

      url_preview_ip_range_blacklist = [
-          "10.0.0.0/8"
-          "100.64.0.0/10"
-          "169.254.0.0/16"
-          "172.16.0.0/12"
-          "192.0.0.0/24"
-          "192.0.2.0/24"
-          "192.168.0.0/16"
-          "192.88.99.0/24"
-          "198.18.0.0/15"
-          "198.51.100.0/24"
-          "2001:db8::/32"
-          "203.0.113.0/24"
-          "224.0.0.0/4"
-          "::1/128"
-          "fc00::/7"
-          "fe80::/10"
-          "fec0::/10"
-          "ff00::/8"
+        "10.0.0.0/8" "100.64.0.0/10" "169.254.0.0/16" "172.16.0.0/12"
+        "192.0.0.0/24" "192.0.2.0/24" "192.168.0.0/16" "192.88.99.0/24"
+        "198.18.0.0/15" "198.51.100.0/24" "2001:db8::/32" "203.0.113.0/24"
+        "224.0.0.0/4" "::1/128" "fc00::/7" "fe80::/10" "fec0::/10" "ff00::/8"
      ];

      url_preview_ip_ranger_whitelist = [ "127.0.0.1" ];
      presence.enabled = true;
      enable_registration = false;
      registration_shared_secret = config.age.secrets.matrix_reg_secret.path;
+
      listeners = [
        {
          port = 8008;
@@ -144,18 +119,11 @@ lib.mkIf config.sovran_systemsOS.features.element-calling {
          tls = false;
          x_forwarded = true;
          resources = [
-            {
-              names = [ "client" ];
-              compress = true;
-            } 
-            {
-              names = [ "federation" ];
-              compress = false;
-            } 
+            { names = [ "client" ]; compress = true; }
+            { names = [ "federation" ]; compress = false; }
          ];
        }
      ];
    };
  };
 }
-