loptland: init element-call

2026-03-26 17:43:07 +01:00 · 2026-03-26 17:43:07 +01:00 · a2ebdf9884
commit a2ebdf9884
parent 8fab0c421c
4 changed files with 106 additions and 7 deletions
--- a/modules/hosts/loptland/nginx.nix
+++ b/modules/hosts/loptland/nginx.nix
@ -8,6 +8,9 @@
    }:
    let
      domainName = "christophhollizeck.dev";
+      matrixDomain = "alwayssleepy.online";
+      livekitPort = 7880;
+      lkJwtPort = 8089;
    in
    {
      services.nginx = {
@ -50,9 +53,9 @@
            };
          };

-          "matrix.alwayssleepy.online" = lib.mkIf config.services.matrix-synapse.enable {
+          "matrix.${matrixDomain}" = lib.mkIf config.services.matrix-synapse.enable {
            forceSSL = true;
-            useACMEHost = "alwayssleepy.online";
+            useACMEHost = matrixDomain;

            locations."/" = {
              proxyPass = "http://localhost:${toString 8008}";
@ -62,15 +65,60 @@
            };
          };

+          "call.${matrixDomain}" = lib.mkIf config.services.lk-jwt-service.enable {
+            forceSSL = true;
+            useACMEHost = matrixDomain;
+
+            locations."= /config.json" = {
+              extraConfig = ''
+                default_type application/json;
+                return 200 '${builtins.toJSON {
+                  default_server_config = {
+                    "m.homeserver" = {
+                      base_url = "https://matrix.${matrixDomain}";
+                      server_name = matrixDomain;
+                    };
+                  };
+                  livekit = {
+                    livekit_service_url = "https://call.${matrixDomain}/livekit/jwt";
+                  };
+                }}';
+              '';
+            };
+
+            locations."/" = {
+              root = "${pkgs.element-call}";
+              tryFiles = "$uri /index.html";
+              extraConfig = ''
+                add_header Cache-Control "no-cache" always;
+              '';
+            };
+
+            # Proxy lk-jwt-service for token generation
+            locations."/livekit/jwt" = {
+              proxyPass = "http://localhost:${toString lkJwtPort}";
+            };
+
+            # Proxy LiveKit SFU websocket
+            locations."/livekit/sfu" = {
+              proxyPass = "http://localhost:${toString livekitPort}";
+              extraConfig = ''
+                proxy_http_version 1.1;
+                proxy_set_header Upgrade $http_upgrade;
+                proxy_set_header Connection "upgrade";
+              '';
+            };
+          };
+
          # .well-known Matrix delegation so Matrix IDs are @user:alwayssleepy.online
          "alwayssleepy.online" = {
            forceSSL = true;
-            useACMEHost = "alwayssleepy.online";
+            useACMEHost = matrixDomain;

            locations."/.well-known/matrix/server" = {
              extraConfig = ''
                default_type application/json;
-                return 200 '{"m.server":"matrix.alwayssleepy.online:443"}';
+                return 200 '{"m.server":"matrix.${matrixDomain}:443"}';
              '';
            };

@ -78,7 +126,7 @@
              extraConfig = ''
                default_type application/json;
                add_header 'Access-Control-Allow-Origin' '*';
-                return 200 '{"m.homeserver":{"base_url":"https://matrix.alwayssleepy.online"}}';
+                return 200 '{"m.homeserver":{"base_url":"https://matrix.${matrixDomain}"},"org.matrix.msc4143.rtc_foci":[{"type":"livekit","livekit_service_url":"https://call.${matrixDomain}/livekit/jwt"}]}';
              '';
            };
          };