Commit Graph

36 Commits

Author SHA1 Message Date
copilot-swe-agent[bot] 302eb43233 fix: deliver livekit config via LoadCredential to fix DynamicUser permission denied 2026-06-24 01:21:05 +00:00
Sovran Systems 8baefe1bfd fix(element-calling): enable LiveKit embedded TURN with runtime matrix domain + cert
LiveKit was exiting cleanly with "TURN domain required" because turn.enabled
was set in the build-time config but turn.domain was never provided to the
process (the old livekit-runtime-config.service wrote a YAML that nothing
read). A clean exit (status 0) meant Restart=on-failure never restarted it,
so the Hub reported the service as Inactive.

This replaces the dead runtime-config oneshot with livekit-turn-setup.service,
which at runtime:
  - reads the matrix domain from /var/lib/domains/matrix (no hardcoding)
  - copies Caddy's already-issued matrix cert/key into /var/lib/livekit
  - generates a complete LiveKit config (incl. turn.domain + TLS cert/key)
    at /run/livekit/livekit.yaml

The livekit.service ExecStart is overridden to load that runtime config
(mirroring the existing Caddy ExecStart override pattern in
modules/core/caddy.nix), since turn.domain is only known at runtime. The cert
is delivered via LoadCredential so it is readable under DynamicUser=true
without weakening the sandbox.

Also aligns the RTC media port range (rtc.port_range_start/end = 30000-40000)
so it matches the forwarded ports, and drops the now-redundant manual
30000-40000 firewall ranges (covered by services.livekit settings/openFirewall).
2026-06-23 20:03:26 -05:00
copilot-swe-agent[bot] d3beee602d feat: migrate Matrix federation from port 8448 to .well-known/matrix/server on 443
- modules/core/caddy.nix: replace $MATRIX:8448 site with .well-known/matrix/server handler inside $MATRIX vhost
- modules/element-calling.nix: add .well-known/matrix/server respond directive, remove $MATRIX:8448 block
- modules/synapse.nix: remove 8448 TCP/UDP firewall openings
- app/sovran_systemsos_web/server.py: remove _PORTS_MATRIX_FEDERATION constant, set matrix-synapse.service to [], simplify api_service_detail to only check LiveKit extra ports
- app/sovran_systemsos_web/static/onboarding.js: remove 8448 row from Step 4, update totals to 3/8 (3 required + 5 optional)
2026-06-13 14:52:26 +00:00
copilot-swe-agent[bot] a350d4e2f7 Fix LiveKit rtc.udp_port: use integer 7882 instead of string range, update firewall rules
Agent-Logs-Url: https://github.com/naturallaw777/sovran-systems/sessions/f531f757-8ab7-4742-9c75-8d1e57d73380

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
2026-05-22 03:23:10 +00:00
naturallaw777 2cd9d7cf20 updated elementcalling firewall typo 2026-04-14 13:30:27 -05:00
naturallaw777 8500e1de05 updated elementcalling firewall 2026-04-14 13:28:35 -05:00
copilot-swe-agent[bot] 1727755942 fix: open TURN firewall ports 5349 (TCP) and 3478 (UDP) in element-calling.nix
Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/484cfc63-13c7-4008-8a94-cff4d554c27c

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
2026-04-14 18:21:21 +00:00
naturallaw777 ea2bc2fb79 updated element-calling 2026-03-27 20:52:42 -05:00
naturallaw777 20c28e8be5 added script for domains 2026-03-27 17:46:52 -05:00
naturallaw777 7509807938 added tooling for domains 2026-03-27 17:12:11 -05:00
naturallaw777 4630ff0e1b updated element calling 2026-03-27 16:27:10 -05:00
naturallaw777 424962412f fixed synce errors 2026-03-27 15:13:15 -05:00
naturallaw777 0af9dce098 initial retooling 2026-03-27 14:29:26 -05:00
naturallaw777 e1e9376792 initial retooling 2026-03-27 14:23:08 -05:00
naturallaw777 9f575418cf updated element-calling 2026-03-25 11:17:19 -05:00
naturallaw777 b21cceb9ee fixed element-calling 2026-03-25 07:34:30 -05:00
naturallaw777 eea4485164 fixed element-calling 2026-03-25 07:23:16 -05:00
naturallaw777 0591c90a7f updated element-calling 2026-03-25 07:07:59 -05:00
naturallaw777 87f8e8b855 fixed element-calling 2026-03-24 18:57:32 -05:00
naturallaw777 e408d115fd added script to make directories 2026-03-24 18:43:07 -05:00
naturallaw777 7be1f5fa15 syntax error 2026-03-24 18:32:14 -05:00
naturallaw777 c53647ec28 syntax error 2026-03-24 18:28:46 -05:00
naturallaw777 dc88f8a65d syntax error 2026-03-24 18:21:56 -05:00
naturallaw777 26feecdf4f retool personalization 2026-03-24 18:19:34 -05:00
naturallaw777 0fe6395aea syntax error 2026-03-24 18:14:38 -05:00
naturallaw777 89aedec013 fixed element-calling 2026-03-24 18:12:57 -05:00
naturallaw777 178b007f56 fixed personalization.nix to help element-calling 2026-03-24 18:10:24 -05:00
naturallaw777 404a613017 fixed directory make 2026-03-24 17:53:41 -05:00
naturallaw777 4abce7065d fixed directory make 2026-03-24 17:49:33 -05:00
naturallaw777 195160edd3 fixed directory make 2026-03-24 17:44:34 -05:00
naturallaw777 c783b20a6d fixed directory make 2026-03-24 17:37:49 -05:00
naturallaw777 a02cb49fdf fixed delayed loading for element-calling 2026-03-24 17:29:17 -05:00
naturallaw777 e755d02199 fixed syntax for element-calling 2026-03-24 17:22:22 -05:00
naturallaw777 199203bb74 fixed syntax 2026-03-24 17:17:30 -05:00
naturallaw777 ba3318369d fixed tooling 2026-03-24 17:03:02 -05:00
naturallaw777 ca30ce77d1 retooling and updated README 2026-03-24 16:38:45 -05:00