commit da21cd73af728ab61b80185df26dbffaf3d13819 · pyrox.dev/nixpkgs

nixos/modules/module-list.nix

···

       1197
        
         ./services/networking/lambdabot.nix

     

       1198
        
         ./services/networking/legit.nix

     

       1199
        
         ./services/networking/libreswan.nix

     

       0
        
       
     

       1200
        
         ./services/networking/livekit.nix

     

       1201
        
         ./services/networking/lldpd.nix

     

       1202
        
         ./services/networking/logmein-hamachi.nix

···

       1197
        
         ./services/networking/lambdabot.nix

     

       1198
        
         ./services/networking/legit.nix

     

       1199
        
         ./services/networking/libreswan.nix

     

       1200
       +
         ./services/networking/livekit-ingress.nix

     

       1201
        
         ./services/networking/livekit.nix

     

       1202
        
         ./services/networking/lldpd.nix

     

       1203
        
         ./services/networking/logmein-hamachi.nix

+181

nixos/modules/services/networking/livekit-ingress.nix

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         utils,

     

       6
       +
         ...

     

       7
       +
       }:

     

       8
       +
       let

     

       9
       +
         cfg = config.services.livekit.ingress;

     

       10
       +
         format = pkgs.formats.yaml { };

     

       11
       +
         settings = lib.filterAttrsRecursive (_: v: v != null) cfg.settings;

     

       12
       +
       

     

       13
       +
         isLocallyDistributed = config.services.livekit.enable;

     

       14
       +
       in

     

       15
       +
       {

     

       16
       +
         meta.maintainers = with lib.maintainers; [ k900 ];

     

       17
       +
         options.services.livekit.ingress = {

     

       18
       +
           enable = lib.mkEnableOption "the livekit ingress service";

     

       19
       +
           package = lib.mkPackageOption pkgs "livekit-ingress" { };

     

       20
       +
       

     

       21
       +
           openFirewall = {

     

       22
       +
             rtc = lib.mkOption {

     

       23
       +
               type = lib.types.bool;

     

       24
       +
               default = false;

     

       25
       +
               description = "Open WebRTC ports in the firewall.";

     

       26
       +
             };

     

       27
       +
       

     

       28
       +
             rtmp = lib.mkOption {

     

       29
       +
               type = lib.types.bool;

     

       30
       +
               default = false;

     

       31
       +
               description = "Open RTMP port in the firewall.";

     

       32
       +
             };

     

       33
       +
       

     

       34
       +
             whip = lib.mkOption {

     

       35
       +
               type = lib.types.bool;

     

       36
       +
               default = false;

     

       37
       +
               description = "Open WHIP port in the firewall.";

     

       38
       +
             };

     

       39
       +
           };

     

       40
       +
       

     

       41
       +
           settings = lib.mkOption {

     

       42
       +
             type = lib.types.submodule {

     

       43
       +
               freeformType = format.type;

     

       44
       +
               options = {

     

       45
       +
                 rtmp_port = lib.mkOption {

     

       46
       +
                   type = lib.types.port;

     

       47
       +
                   default = 1935;

     

       48
       +
                   description = "TCP port for RTMP connections";

     

       49
       +
                 };

     

       50
       +
       

     

       51
       +
                 whip_port = lib.mkOption {

     

       52
       +
                   type = lib.types.port;

     

       53
       +
                   default = 8080;

     

       54
       +
                   description = "TCP port for WHIP connections";

     

       55
       +
                 };

     

       56
       +
       

     

       57
       +
                 redis = {

     

       58
       +
                   address = lib.mkOption {

     

       59
       +
                     type = with lib.types; nullOr str;

     

       60
       +
                     default =

     

       61
       +
                       if isLocallyDistributed then

     

       62
       +
                         "${config.services.livekit.redis.host}:${toString config.services.livekit.redis.port}"

     

       63
       +
                       else

     

       64
       +
                         null;

     

       65
       +
                     example = "redis.example.com:6379";

     

       66
       +
                     defaultText = "Host and port of the local livekit redis instance, if enabled, or null";

     

       67
       +
                     description = "Address or hostname and port for redis connection";

     

       68
       +
                   };

     

       69
       +
       

     

       70
       +
                 };

     

       71
       +
       

     

       72
       +
                 rtc_config = {

     

       73
       +
                   port_range_start = lib.mkOption {

     

       74
       +
                     type = lib.types.int;

     

       75
       +
                     default = 50000;

     

       76
       +
                     description = "Start of UDP port range for WebRTC";

     

       77
       +
                   };

     

       78
       +
       

     

       79
       +
                   port_range_end = lib.mkOption {

     

       80
       +
                     type = lib.types.int;

     

       81
       +
                     default = 51000;

     

       82
       +
                     description = "End of UDP port range for WebRTC";

     

       83
       +
                   };

     

       84
       +
       

     

       85
       +
                   use_external_ip = lib.mkOption {

     

       86
       +
                     type = lib.types.bool;

     

       87
       +
                     default = false;

     

       88
       +
                     description = ''

     

       89
       +
                       When set to true, attempts to discover the host's public IP via STUN.

     

       90
       +
                       This is useful for cloud environments such as AWS & Google where hosts have an internal IP that maps to an external one.

     

       91
       +
                     '';

     

       92
       +
                   };

     

       93
       +
                 };

     

       94
       +
               };

     

       95
       +
             };

     

       96
       +
             default = { };

     

       97
       +
             description = ''

     

       98
       +
               LiveKit Ingress configuration.

     

       99
       +
       

     

       100
       +
               See <https://github.com/livekit/ingress?tab=readme-ov-file#config> for possible options.

     

       101
       +
             '';

     

       102
       +
             example = {

     

       103
       +
               prometheus_port = 9039;

     

       104
       +
               cpu_cost = {

     

       105
       +
                 rtmp_cpu_cost = 3.0;

     

       106
       +
                 whip_cpu_cost = 1.0;

     

       107
       +
               };

     

       108
       +
             };

     

       109
       +
           };

     

       110
       +
       

     

       111
       +
           environmentFile = lib.mkOption {

     

       112
       +
             type = lib.types.nullOr lib.types.path;

     

       113
       +
             default = null;

     

       114
       +
             description = ''

     

       115
       +
               Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.

     

       116
       +
       

     

       117
       +
               Use this to specify `LIVEKIT_API_KEY` and `LIVEKIT_API_SECRET`.

     

       118
       +
             '';

     

       119
       +
           };

     

       120
       +
         };

     

       121
       +
       

     

       122
       +
         config = lib.mkIf cfg.enable {

     

       123
       +
           networking.firewall = {

     

       124
       +
             allowedTCPPorts = lib.mkMerge [

     

       125
       +
               (lib.mkIf cfg.openFirewall.rtmp [ cfg.settings.rtmp_port ])

     

       126
       +
               (lib.mkIf cfg.openFirewall.whip [ cfg.settings.whip_port ])

     

       127
       +
             ];

     

       128
       +
             allowedUDPPortRanges = lib.mkIf cfg.openFirewall.rtc [

     

       129
       +
               {

     

       130
       +
                 from = cfg.settings.rtc_config.port_range_start;

     

       131
       +
                 to = cfg.settings.rtc_config.port_range_end;

     

       132
       +
               }

     

       133
       +
             ];

     

       134
       +
           };

     

       135
       +
       

     

       136
       +
           systemd.services.livekit-ingress = {

     

       137
       +
             description = "LiveKit Ingress server";

     

       138
       +
             documentation = [ "https://docs.livekit.io/home/self-hosting/ingress/" ];

     

       139
       +
             wantedBy = [ "multi-user.target" ];

     

       140
       +
             wants = [ "network-online.target" ];

     

       141
       +
             after = [ "network-online.target" ];

     

       142
       +
       

     

       143
       +
             serviceConfig = {

     

       144
       +
               ExecStart = utils.escapeSystemdExecArgs [

     

       145
       +
                 (lib.getExe cfg.package)

     

       146
       +
                 "--config=${format.generate "ingress.yaml" settings}"

     

       147
       +
               ];

     

       148
       +
               EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;

     

       149
       +
               DynamicUser = true;

     

       150
       +
               LockPersonality = true;

     

       151
       +
               MemoryDenyWriteExecute = true;

     

       152
       +
               ProtectClock = true;

     

       153
       +
               ProtectControlGroups = true;

     

       154
       +
               ProtectHostname = true;

     

       155
       +
               ProtectKernelLogs = true;

     

       156
       +
               ProtectKernelModules = true;

     

       157
       +
               ProtectKernelTunables = true;

     

       158
       +
               PrivateDevices = true;

     

       159
       +
               PrivateMounts = true;

     

       160
       +
               PrivateUsers = true;

     

       161
       +
               RestrictAddressFamilies = [

     

       162
       +
                 "AF_INET"

     

       163
       +
                 "AF_INET6"

     

       164
       +
                 "AF_NETLINK"

     

       165
       +
               ];

     

       166
       +
               RestrictNamespaces = true;

     

       167
       +
               RestrictRealtime = true;

     

       168
       +
               ProtectHome = true;

     

       169
       +
               SystemCallArchitectures = "native";

     

       170
       +
               SystemCallFilter = [

     

       171
       +
                 "@system-service"

     

       172
       +
                 "~@privileged"

     

       173
       +
                 "~@resources"

     

       174
       +
               ];

     

       175
       +
               Restart = "on-failure";

     

       176
       +
               RestartSec = 5;

     

       177
       +
               UMask = "077";

     

       178
       +
             };

     

       179
       +
           };

     

       180
       +
         };

     

       181
       +
       }

+56 -1

nixos/modules/services/networking/livekit.nix

···

       8
        
       let

     

       9
        
         cfg = config.services.livekit;

     

       10
        
         format = pkgs.formats.json { };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       11
        
       in

     

       12
        
       {

     

       13
        
         meta.maintainers = with lib.maintainers; [ quadradical ];

     
···

       32
        
             type = lib.types.bool;

     

       33
        
             default = false;

     

       34
        
             description = "Opens port range for LiveKit on the firewall.";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       35
        
           };

     

       36
        
       

     

       37
        
           settings = lib.mkOption {

     
···

       44
        
                   description = "Main TCP port for RoomService and RTC endpoint.";

     

       45
        
                 };

     

       46
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       47
        
                 rtc = {

     

       48
        
                   port_range_start = lib.mkOption {

     

       49
        
                     type = lib.types.int;

     
···

       79
        
         };

     

       80
        
       

     

       81
        
         config = lib.mkIf cfg.enable {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       82
        
           networking.firewall = lib.mkIf cfg.openFirewall {

     

       83
        
             allowedTCPPorts = [

     

       84
        
               cfg.settings.port

     
···

       91
        
             ];

     

       92
        
           };

     

       93
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       94
        
           systemd.services.livekit = {

     

       95
        
             description = "LiveKit SFU server";

     

       96
        
             documentation = [ "https://docs.livekit.io" ];

     
···

       102
        
               LoadCredential = [ "livekit-secrets:${cfg.keyFile}" ];

     

       103
        
               ExecStart = utils.escapeSystemdExecArgs [

     

       104
        
                 (lib.getExe cfg.package)

     

       105
       -
                 "--config=${format.generate "livekit.json" cfg.settings}"

     

       106
        
                 "--key-file=/run/credentials/livekit.service/livekit-secrets"

     

       107
        
               ];

     

       108
        
               DynamicUser = true;

···

       8
        
       let

     

       9
        
         cfg = config.services.livekit;

     

       10
        
         format = pkgs.formats.json { };

     

       11
       +
         settings = lib.filterAttrsRecursive (_: v: v != null) cfg.settings;

     

       12
       +
       

     

       13
       +
         isLocallyDistributed = config.services.livekit.ingress.enable;

     

       14
        
       in

     

       15
        
       {

     

       16
        
         meta.maintainers = with lib.maintainers; [ quadradical ];

     
···

       35
        
             type = lib.types.bool;

     

       36
        
             default = false;

     

       37
        
             description = "Opens port range for LiveKit on the firewall.";

     

       38
       +
           };

     

       39
       +
       

     

       40
       +
           redis = {

     

       41
       +
             createLocally = lib.mkOption {

     

       42
       +
               type = lib.types.bool;

     

       43
       +
               default = isLocallyDistributed;

     

       44
       +
               defaultText = "true if any other Livekit component is enabled locally else false";

     

       45
       +
               description = "Whether to set up a local redis instance.";

     

       46
       +
             };

     

       47
       +
       

     

       48
       +
             host = lib.mkOption {

     

       49
       +
               type = with lib.types; nullOr str;

     

       50
       +
               default = if cfg.redis.createLocally then "127.0.0.1" else null;

     

       51
       +
               defaultText = "127.0.0.1 if config.services.livekit.redis.createLocally else null";

     

       52
       +
               description = ''

     

       53
       +
                 Address to bind local redis instance to.

     

       54
       +
               '';

     

       55
       +
             };

     

       56
       +
       

     

       57
       +
             port = lib.mkOption {

     

       58
       +
               type = with lib.types; nullOr port;

     

       59
       +
               default = null;

     

       60
       +
               description = ''

     

       61
       +
                 Port to bind local redis instance to.

     

       62
       +
               '';

     

       63
       +
             };

     

       64
        
           };

     

       65
        
       

     

       66
        
           settings = lib.mkOption {

     
···

       73
        
                   description = "Main TCP port for RoomService and RTC endpoint.";

     

       74
        
                 };

     

       75
        
       

     

       76
       +
                 redis = {

     

       77
       +
                   address = lib.mkOption {

     

       78
       +
                     type = with lib.types; nullOr str;

     

       79
       +
                     default = if isLocallyDistributed then "${cfg.redis.host}:${toString cfg.redis.port}" else null;

     

       80
       +
                     defaultText = lib.literalExpression "Local Redis host/port when a local ingress component is enabled else null";

     

       81
       +
                     example = "redis.example.com:6379";

     

       82
       +
                     description = "Host and port used to connect to a redis instance.";

     

       83
       +
                   };

     

       84
       +
                 };

     

       85
       +
       

     

       86
        
                 rtc = {

     

       87
        
                   port_range_start = lib.mkOption {

     

       88
        
                     type = lib.types.int;

     
···

       118
        
         };

     

       119
        
       

     

       120
        
         config = lib.mkIf cfg.enable {

     

       121
       +
           assertions = [

     

       122
       +
             {

     

       123
       +
               assertion = cfg.redis.createLocally -> cfg.redis.port != null;

     

       124
       +
               message = ''

     

       125
       +
                 When `services.livekit.redis.createLocally` is enabled `services.livekit.redis.port` must be configured.

     

       126
       +
               '';

     

       127
       +
             }

     

       128
       +
           ];

     

       129
       +
       

     

       130
        
           networking.firewall = lib.mkIf cfg.openFirewall {

     

       131
        
             allowedTCPPorts = [

     

       132
        
               cfg.settings.port

     
···

       139
        
             ];

     

       140
        
           };

     

       141
        
       

     

       142
       +
           # Provision a redis instance, when livekit-ingress (or later livekit-egress) are enabled on the same host

     

       143
       +
           services.redis.servers.livekit = lib.mkIf cfg.redis.createLocally {

     

       144
       +
             enable = true;

     

       145
       +
             bind = cfg.redis.host;

     

       146
       +
             port = cfg.redis.port;

     

       147
       +
           };

     

       148
       +
       

     

       149
        
           systemd.services.livekit = {

     

       150
        
             description = "LiveKit SFU server";

     

       151
        
             documentation = [ "https://docs.livekit.io" ];

     
···

       157
        
               LoadCredential = [ "livekit-secrets:${cfg.keyFile}" ];

     

       158
        
               ExecStart = utils.escapeSystemdExecArgs [

     

       159
        
                 (lib.getExe cfg.package)

     

       160
       +
                 "--config=${format.generate "livekit.json" settings}"

     

       161
        
                 "--key-file=/run/credentials/livekit.service/livekit-secrets"

     

       162
        
               ];

     

       163
        
               DynamicUser = true;

+22 -4

nixos/tests/networking/livekit.nix

···

       1
        
       {

     

       0
        
       
     

       0
        
       
     

       2
        
         pkgs,

     

       3
       -
         lib,

     

       4
        
         ...

     

       5
        
       }:

     

       6
        
       {

     
···

       14
        
               key = "f6lQGaHtM5HfgZjIcec3cOCRfiDqIine4CpZZnqdT5cE";

     

       15
        
             };

     

       16
        
             settings.port = 8000;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       17
        
           };

     

       18
        
         };

     

       19
        
       

     

       20
        
         testScript = ''

     

       21
       -
           machine.wait_for_unit("livekit.service")

     

       22
       -
           machine.wait_for_open_port(8000)

     

       23
       -
           machine.succeed("curl 127.0.0.1:8000 -L --fail")

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       24
        
         '';

     

       25
        
       }

···

       1
        
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
        
         pkgs,

     

       0
        
       
     

       5
        
         ...

     

       6
        
       }:

     

       7
        
       {

     
···

       15
        
               key = "f6lQGaHtM5HfgZjIcec3cOCRfiDqIine4CpZZnqdT5cE";

     

       16
        
             };

     

       17
        
             settings.port = 8000;

     

       18
       +
           };

     

       19
       +
       

     

       20
       +
           specialisation.ingress = {

     

       21
       +
             inheritParentConfig = true;

     

       22
       +
             configuration = {

     

       23
       +
               services.livekit = {

     

       24
       +
                 ingress.enable = true;

     

       25
       +
                 redis.port = 6379;

     

       26
       +
               };

     

       27
       +
             };

     

       28
        
           };

     

       29
        
         };

     

       30
        
       

     

       31
        
         testScript = ''

     

       32
       +
           with subtest("Test livekit service"):

     

       33
       +
             machine.wait_for_unit("livekit.service")

     

       34
       +
             machine.wait_for_open_port(8000)

     

       35
       +
             machine.succeed("curl 127.0.0.1:8000 -L --fail")

     

       36
       +
       

     

       37
       +
           with subtest("Test locally distributed livekit service with ingress component"):

     

       38
       +
             machine.succeed("${config.nodes.machine.system.build.toplevel}/specialisation/ingress/bin/switch-to-configuration test")

     

       39
       +
             machine.wait_for_unit("livekit-ingress.service")

     

       40
       +
             machine.wait_for_open_port(8080)

     

       41
       +
             machine.log(machine.succeed("curl --fail -X OPTIONS 127.0.0.1:8080/whip/test"))

     

       42
        
         '';

     

       43
        
       }

+58

pkgs/by-name/li/livekit-ingress/package.nix

···

       1
       +
       {

     

       2
       +
         lib,

     

       3
       +
         buildGoModule,

     

       4
       +
         fetchFromGitHub,

     

       5
       +
         pkg-config,

     

       6
       +
         makeWrapper,

     

       7
       +
         glib,

     

       8
       +
         gst_all_1,

     

       9
       +
       }:

     

       10
       +
       

     

       11
       +
       buildGoModule rec {

     

       12
       +
         pname = "livekit-ingress";

     

       13
       +
         version = "1.4.3";

     

       14
       +
       

     

       15
       +
         src = fetchFromGitHub {

     

       16
       +
           owner = "livekit";

     

       17
       +
           repo = "ingress";

     

       18
       +
           tag = "v${version}";

     

       19
       +
           hash = "sha256-gt1oIAKEBwQWqDCLSsRgoe7oIk5jDNReN+dFYUNnRUc=";

     

       20
       +
         };

     

       21
       +
       

     

       22
       +
         vendorHash = "sha256-fttI+xNzHiDWKGkl20oGJOcWffElmmqNd7gbb5FiQZc=";

     

       23
       +
       

     

       24
       +
         subPackages = [ "cmd/server" ];

     

       25
       +
       

     

       26
       +
         postInstall = ''

     

       27
       +
           mv $out/bin/server $out/bin/ingress

     

       28
       +
           wrapProgram $out/bin/ingress --suffix GST_PLUGIN_SYSTEM_PATH_1_0 ":" $GST_PLUGIN_SYSTEM_PATH_1_0

     

       29
       +
         '';

     

       30
       +
       

     

       31
       +
         nativeBuildInputs = [

     

       32
       +
           pkg-config

     

       33
       +
           makeWrapper

     

       34
       +
         ];

     

       35
       +
       

     

       36
       +
         buildInputs = with gst_all_1; [

     

       37
       +
           glib

     

       38
       +
           gstreamer

     

       39
       +
           gst-plugins-base

     

       40
       +
           gst-plugins-good

     

       41
       +
           gst-plugins-bad

     

       42
       +
           gst-plugins-ugly

     

       43
       +
           gst-libav

     

       44
       +
         ];

     

       45
       +
       

     

       46
       +
         # there are no actual tests, and we don't need to spend

     

       47
       +
         # another 5 minutes of cgo to figure that out

     

       48
       +
         doCheck = false;

     

       49
       +
       

     

       50
       +
         meta = {

     

       51
       +
           description = "Ingest streams (RTMP/WHIP) or files (HLS, MP4) to LiveKit WebRTC";

     

       52
       +
           changelog = "https://github.com/livekit/ingress/releases/tag/${src.tag}";

     

       53
       +
           homepage = "https://github.com/livekit/ingress";

     

       54
       +
           license = lib.licenses.asl20;

     

       55
       +
           maintainers = with lib.maintainers; [ k900 ];

     

       56
       +
           mainProgram = "ingress";

     

       57
       +
         };

     

       58
       +
       }