@kaychaks
Last active March 10, 2022 16:00
matrix-jitsi-nixos
# accompanying blog - https://kaushikc.org/posts/matrix-jitsi-nixos.html
# /etc/nixos/configuration.nix
# Pull the in-progress jitsi-meet NixOS module from NUR (Nix User Repository).
#
# NOTE(review): the tarball URL tracks the mutable `master` branch and carries
# no sha256, so a re-fetch can bring in different, unreviewed module code that
# is then evaluated as part of this machine's system configuration. Pin it to
# a reviewed revision instead; builtins.fetchTarball also accepts
#   { url = ".../NUR/archive/<COMMIT>.tar.gz"; sha256 = "<HASH>"; }
# (<COMMIT> and <HASH> are placeholders, not real values).
imports =
  let
    nurSource = builtins.fetchTarball
      "https://github.com/nix-community/NUR/archive/master.tar.gz";
    nur = import nurSource { };
  in
  [
    nur.repos.mmilata.modules.jitsi-meet # jitsi-meet in-progress
  ];
# Host firewall openings: 80/443 for nginx (HTTP + ACME, HTTPS) and the
# TURN-related ports for coturn.
#
# NOTE(review): confirm these against what actually listens on the host.
#   * services.coturn in this file sets no-tls/no-dtls, and 5349/5350 are
#     coturn's default TLS/DTLS ports, so the UDP openings may serve nothing.
#   * turn_uris in this file advertises turn:...:3478?transport=udp, but
#     UDP 3478 is not listed here.
# Keep the list to ports a service really uses; every extra opening is attack
# surface with no benefit.
networking.firewall.allowedTCPPorts = [ 80 443 3478 3479 ];
networking.firewall.allowedUDPPorts = [ 5349 5350 ];
# Jitsi Meet, provided by the NUR module imported at the top of this file.
services.jitsi-meet = {
  enable = true;

  # Public name of the conference site; the nginx section of this file reads
  # this value back to name its virtual host.
  hostName = "jitsi.dangerousdemos.net";

  # Lets the module open the videobridge's ports in the host firewall, so
  # those openings do not appear in networking.firewall.* above.
  videobridge = {
    openFirewall = true;
  };
};
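# TURN relay (coturn) that Synapse hands out to clients for VoIP NAT traversal.
#
# NOTE(review), secret handling: static-auth-secret is written inline, so it
# ends up in the world-readable /nix/store and in any copy of this file
# (including a public paste). Treat the value below as disclosed: generate a
# fresh one and keep it out of the configuration. Recent nixpkgs offers
# services.coturn.static-auth-secret-file for this (confirm it exists in your
# release); the Synapse side, which reads this option, must then be fed the
# secret separately.
#
# NOTE(review), transport: no-tls/no-dtls leave TURN signalling unencrypted.
# With use-auth-secret the credentials are derived from the shared secret
# rather than sent as a long-lived password, but enabling TLS/DTLS with the
# ACME certificate is still the stronger setup.
services.coturn = {
  enable = true;
  realm = "turn.dangerousdemos.net";

  use-auth-secret = true;
  static-auth-secret = "XJmzTf6VixzX5pDZKHOxtiUenkKzr10tlhBWYoti5DvCxR4TM9XlRHxII3Ml6yV2";

  # VoIP media is UDP; do not offer relaying to arbitrary TCP endpoints.
  no-tcp-relay = true;
  no-tls = true;
  no-dtls = true;

  # A TURN server relays traffic on behalf of remote clients, so every address
  # range that is only reachable from this host must be refused as a relay
  # peer. The original list covered the three RFC 1918 ranges only; loopback,
  # link-local (which includes cloud metadata endpoints), "this network",
  # carrier-grade NAT, multicast and the IPv6 local ranges are added here.
  # allowed-peer-ip stays as the single exception for the server's own address.
  extraConfig = ''
    user-quota=12
    total-quota=1200
    no-multicast-peers
    denied-peer-ip=0.0.0.0-0.255.255.255
    denied-peer-ip=10.0.0.0-10.255.255.255
    denied-peer-ip=100.64.0.0-100.127.255.255
    denied-peer-ip=127.0.0.0-127.255.255.255
    denied-peer-ip=169.254.0.0-169.254.255.255
    denied-peer-ip=172.16.0.0-172.31.255.255
    denied-peer-ip=192.168.0.0-192.168.255.255
    denied-peer-ip=::1
    denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    allowed-peer-ip=192.168.191.127
  '';
};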
# nginx terminates TLS (certificates via ACME) for the Matrix homeserver, the
# Riot web client and the Jitsi Meet site.
services.nginx = {
  enable = true;
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;

  virtualHosts = {
    # Reverse proxy to the Synapse listener on port 8008 (plain HTTP on the
    # local machine; TLS ends here).
    # NOTE(review): proxying all of "/" publishes every path the listener
    # serves. If the admin API should not be reachable from the internet,
    # proxy only the path prefixes clients and federation need.
    "matrix.dangerousdemos.net" = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://localhost:8008";
    };

    # Static files of the Riot web client, served straight from the package.
    "riot.dangerousdemos.net" = {
      enableACME = true;
      forceSSL = true;
      locations."/".root = pkgs.riot-web;
    };

    # Only TLS settings are given for the Jitsi host; no locations are defined
    # for it in this block.
    ${config.services.jitsi-meet.hostName} = {
      forceSSL = true;
      enableACME = true;
    };
  };
};
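# Synapse homeserver for dangerousdemos.net, backed by PostgreSQL and using
# the coturn instance from this file for VoIP.
services.matrix-synapse = {
  enable = true;
  server_name = "dangerousdemos.net";
  enable_metrics = true;

  # NOTE(review): open registration lets anyone who can reach the server
  # create an account. Unless that is intended, turn it off once the expected
  # users exist, or gate it (for example with a registration secret).
  enable_registration = true;

  database_type = "psycopg2";
  database_args = {
    # NOTE(review): guessable password, stored in the world-readable Nix store
    # and repeated in the PostgreSQL init script in this file. Use a generated
    # secret kept outside the store, or socket/peer authentication.
    password = "synapse";
  };

  listeners = [
    {
      # Plain-HTTP listener; nginx in this file terminates TLS and proxies to
      # it. Port 8008 is not in the firewall's allowed list above.
      # NOTE(review): behind a reverse proxy Synapse only sees the proxy's
      # address unless the listener trusts X-Forwarded-For (the module's
      # x_forwarded option; confirm for your release). That matters for rate
      # limiting and for the addresses recorded in logs.
      port = 8008;
      tls = false;
      resources = [
        {
          compress = true;
          names = [ "client" "webclient" "federation" ];
        }
      ];
    }
  ];

  turn_uris = [
    "turn:turn.dangerousdemos.net:3478?transport=udp"
    # Fixed: the host name read "turn.dangerousdemos.ne", so the TCP URI
    # pointed at a different name than the TURN realm configured in this file.
    "turn:turn.dangerousdemos.net:3478?transport=tcp"
  ];

  # Same shared secret coturn uses; Synapse derives short-lived TURN
  # credentials from it. Being read from the coturn option, it is stored
  # inline in the configuration as well.
  turn_shared_secret = config.services.coturn.static-auth-secret;
};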
# PostgreSQL for Synapse. The script creates the role and a database with "C"
# collation, which is what the CREATE DATABASE statement below sets for both
# LC_COLLATE and LC_CTYPE.
#
# NOTE(review): pkgs.writeText places the script, password included, in the
# world-readable Nix store, and the password is the guessable 'synapse'. An
# initial script is also only applied when the database cluster is first
# created, so editing the password here later will not change an existing
# role. Prefer setting the role's password out of band, or authenticating
# over the local socket without a password.
services.postgresql = {
  initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
    TEMPLATE template0
    LC_COLLATE = "C"
    LC_CTYPE = "C";
  '';
  enable = true;
};
# Install the Riot web client package system-wide (nginx in this file serves
# its files from the same package).
environment.systemPackages = [ pkgs.riot-web ];