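# NixOS module: runs a LiveKit SFU behind nginx, with API credentials
# provisioned by sops-nix.
{ config, pkgs, ... }:

{
  # API key/secret pair, decrypted by sops-nix at activation time.
  # No owner is set here, so the files stay with the sops-nix default
  # owner and are readable only by that owner (mode 0400).
  sops.secrets."livekit/api_key" = {
    sopsFile = ./secrets/livekit_vps.yaml;
    mode = "0400";
  };
  sops.secrets."livekit/api_secret" = {
    sopsFile = ./secrets/livekit_vps.yaml;
    mode = "0400";
  };

  # WebRTC media (UDP) and ICE TCP fallback. HTTP signaling goes through nginx.
  # These ports must stay in sync with the rtc section of the generated
  # config.yaml below.
  networking.firewall = {
    allowedTCPPorts = [ 7881 ];
    allowedUDPPortRanges = [
      {
        from = 50000;
        to = 50200;
      }
    ];
  };

  systemd.services.livekit = {
    description = "LiveKit SFU server";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];

    serviceConfig = {
      DynamicUser = true;
      RuntimeDirectory = "livekit";
      # config.yaml contains the API secret: keep the runtime directory and
      # every file the unit creates private to the service user.
      RuntimeDirectoryMode = "0700";
      UMask = "0077";
      # The unit runs as a transient DynamicUser, which cannot read secret
      # files that are mode 0400 and owned by another user. Let systemd read
      # them and hand them over through $CREDENTIALS_DIRECTORY instead of
      # loosening the permissions on the secret files.
      LoadCredential = [
        "api_key:${config.sops.secrets."livekit/api_key".path}"
        "api_secret:${config.sops.secrets."livekit/api_secret".path}"
      ];
      Restart = "always";
      RestartSec = 5;
    };

    # Renders the LiveKit config with the credentials at start-up, so the
    # secret never lands in the world-readable Nix store, then execs the
    # server. The signaling port (7880) is bound to loopback only.
    script = ''
      API_KEY=$(cat "$CREDENTIALS_DIRECTORY/api_key")
      API_SECRET=$(cat "$CREDENTIALS_DIRECTORY/api_secret")

      cat > /run/livekit/config.yaml <<YAML
      port: 7880
      bind_addresses:
        - "127.0.0.1"
      rtc:
        port_range_start: 50000
        port_range_end: 50200
        use_external_ip: true
        tcp_port: 7881
      logging:
        level: info
      keys:
        $API_KEY: $API_SECRET
      YAML

      exec ${pkgs.livekit}/bin/livekit-server --config /run/livekit/config.yaml
    '';
  };
}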