Merge branch 'yshtola-build' of https://scm.wyattjmiller.com/wymiller/nix-config-v2 into yshtola-build

2026-02-23 22:31:15 -05:00
parent 14dbc1363e 7e0d58c097
commit 0718c9f18d
1 changed files with 17 additions and 13 deletions
--- a/modules/machine/yshtola/configuration.nix
+++ b/modules/machine/yshtola/configuration.nix
@@ -1,4 +1,3 @@
-
 {
  pkgs,
  userName,
@@ -231,25 +230,30 @@ in {

  # Generate LiveKit key if it doesn't exist
  systemd.services.livekit-key = {
-    before = [
-      "lk-jwt-service.service"
-      "livekit.service"
-    ];
+    before = [ "lk-jwt-service.service" "livekit.service" ];
    wantedBy = [ "multi-user.target" ];
-    path = with pkgs; [
-      livekit
-      coreutils
-      gawk
-    ];
+    path = with pkgs; [ coreutils openssl ];
    script = ''
-      echo "Key missing, generating key"
-      echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}"
+      set -eu
+
+      if [ -f "${livekitKeyFile}" ]; then
+        exit 0
+      fi
+
+      install -d -m 0700 "$(dirname "${livekitKeyFile}")"
+
+      API_KEY="$(openssl rand -hex 8)"
+      API_SECRET="$(openssl rand -hex 32)"
+
+      # keyFile format for nixpkgs services.livekit.keyFile:
+      # a YAML map of apiKey -> apiSecret (no surrounding "keys:" key)
+      umask 077
+      printf '%s: %s\n' "$API_KEY" "$API_SECRET" > "${livekitKeyFile}"
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "root";
    };
-    unitConfig.ConditionPathExists = "!${livekitKeyFile}";
  };

  system.stateVersion = "25.11";