107 lines
2.5 KiB
Nix
107 lines
2.5 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let extraLegoFlags = [ "--dns.resolvers=8.8.8.8:53" ];
|
|
in {
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
settings = {
|
|
server_name = "within.website";
|
|
|
|
enable_metrics = true;
|
|
url_preview_enabled = true;
|
|
|
|
max_upload_size = "100M";
|
|
|
|
enable_registration = true;
|
|
|
|
listeners = [
|
|
{
|
|
bind_addresses = [ "127.0.0.1" "::1" ];
|
|
port = 8448;
|
|
type = "http";
|
|
tls = false;
|
|
x_forwarded = true;
|
|
resources = [{
|
|
compress = false;
|
|
names = [ "client" "federation" ];
|
|
}];
|
|
}
|
|
{
|
|
bind_addresses = [ "100.77.196.9" ];
|
|
port = 8448;
|
|
type = "http";
|
|
tls = false;
|
|
resources = [{
|
|
compress = false;
|
|
names = [ "client" "federation" ];
|
|
}];
|
|
}
|
|
{
|
|
bind_addresses = [ "100.77.196.9" ];
|
|
port = 9000;
|
|
type = "metrics";
|
|
tls = false;
|
|
resources = [ ];
|
|
}
|
|
];
|
|
|
|
extraConfig = ''
|
|
registration_requires_token: true
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts = {
|
|
"matrix.within.website" = {
|
|
forceSSL = true;
|
|
useACMEHost = "within.website";
|
|
|
|
locations = {
|
|
"/".extraConfig = ''
|
|
return 404;
|
|
'';
|
|
|
|
"/_matrix" = { proxyPass = "http://127.0.0.1:8448"; };
|
|
};
|
|
};
|
|
|
|
"element.within.website" = {
|
|
forceSSL = true;
|
|
useACMEHost = "within.website";
|
|
|
|
root = pkgs.element-web.override {
|
|
conf = {
|
|
default_server_config."m.homeserver" = {
|
|
"base_url" = "https://matrix.within.website";
|
|
"server_name" = "within.website";
|
|
};
|
|
showLabsSettings = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
services.postgresql.enable = true;
|
|
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
|
|
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
|
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
|
TEMPLATE template0
|
|
LC_COLLATE = "C"
|
|
LC_CTYPE = "C";
|
|
'';
|
|
|
|
security.acme.certs."within.website" = {
|
|
group = "users";
|
|
email = "me@christine.website";
|
|
dnsProvider = "cloudflare";
|
|
credentialsFile = "/srv/within/cf.env";
|
|
extraDomainNames = [ "matrix.within.website" "element.within.website" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
age.secrets.cloudflare = {
|
|
file = ./secret/cf.env.age;
|
|
path = "/srv/within/cf.env";
|
|
};
|
|
}
|