hippocampus: matrix: turn/sfu prep

2026-02-14 15:05:08 -05:00
parent 1b1755b498
commit 785319fdb4
3 changed files with 90 additions and 0 deletions
--- a/machines/hippocampus/servers/public/matrix/rtc.nix
+++ b/machines/hippocampus/servers/public/matrix/rtc.nix
@@ -0,0 +1,60 @@
+{ config, pkgs, lib, ... }: {
+  imports = [
+    ./turn.nix
+  ];
+  # Shared between lk-jwt-service and livekit
+  # TODO: Generate it
+  sops.secrets.lk-jwt = {};
+  services.lk-jwt-service = {
+    enable = true;
+    port = 7374;
+    livekitUrl = "wss://matrix-rtc.glia.club";
+    keyFile = config.sops.secrets.lk-jwt.path;
+  };
+  services.livekit = {
+    enable  = true;
+    keyFile = config.sops.secrets.lk-jwt.path;
+    # Ingress of other video streams
+    # for RTC usage, e.g. RTMP, WHIP, etc.
+    ingress = { enable = false; };
+    # Redis is used if we were to use ingress
+    redis = { createLocally = false };
+    settings = {
+      port = 7375;
+      rtc = {
+        port_range_end   = 50100;
+        port_range_start = 50200;
+        use_external_ip  = true;
+        enable_loopback_candidate = false;
+      };
+    };
+  };
+  services.matrix-tuwunel.settings = {
+    global.well_known = {
+      rtc_transports = [
+        type = "livekit";
+        livekit_service_url = "https://matrix-rtc.glia.club";
+      ];
+    };
+  };
+  services.caddy.virtualHosts = {
+    "matrix-rtc.glia.club" = {
+      extraConfig = ''
+        # This is matrix-rtc-jwt
+        @jwt_service {
+          path /sfu/get* /healthz*
+        }
+        handle @jwt_service {
+          reverse_proxy localhost:${config.services.lk-jwt-service.port}
+        }
+        # This is livekit
+        handle {
+          reverse_proxy localhost:${config.services.livekit.settings.port} {
+            header_up Connection "upgrade"
+            header_up Upgrade {http.request.header.Upgrade}
+          }
+        }
+      '';
+    };
+  };
+}