130 lines
3.5 KiB
Nix
130 lines
3.5 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
domain = "matrix.giugl.io";
|
|
webui_domain = "chat.giugl.io";
|
|
network = import ./network.nix;
|
|
db_name = "matrix-synapse";
|
|
in {
|
|
services = {
|
|
matrix-synapse = {
|
|
enable = true;
|
|
settings = {
|
|
server_name = "${domain}";
|
|
database_name = db_name;
|
|
public_baseurl = "https://${domain}";
|
|
registration_shared_secret = "runas!";
|
|
url_preview_enabled = true;
|
|
dynamic_thumbnails = true;
|
|
withJemalloc = true;
|
|
# enable_registration = true;
|
|
app_service_config_files = [
|
|
"/var/lib/matrix-synapse/discord-registration.yaml"
|
|
# "/var/lib/matrix-synapse/hookshot-registration.yml"
|
|
# "/var/lib/matrix-synapse/telegram-registration.yaml"
|
|
];
|
|
listeners = [{
|
|
port = 8008;
|
|
bind_addresses = [ "127.0.0.1" ];
|
|
type = "http";
|
|
tls = false;
|
|
x_forwarded = true;
|
|
resources = [{
|
|
names = [ "client" "federation" ];
|
|
compress = false;
|
|
}];
|
|
}];
|
|
};
|
|
|
|
#extraConfig = ''
|
|
# auto_join_rooms:
|
|
# - "#general:matrix.giugl.io"
|
|
# max_upload_size: "50M"
|
|
#'';
|
|
};
|
|
|
|
postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql;
|
|
ensureDatabases = [ db_name ];
|
|
ensureUsers = [{
|
|
name = db_name;
|
|
ensurePermissions = { "DATABASE \"${db_name}\"" = "ALL PRIVILEGES"; };
|
|
}];
|
|
};
|
|
|
|
nginx.virtualHosts = {
|
|
# server
|
|
${domain} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
extraConfig = ''
|
|
client_max_body_size 30m;
|
|
'';
|
|
locations."= /.well-known/matrix/server".extraConfig =
|
|
let server = { "m.server" = "${domain}:443"; };
|
|
in ''
|
|
add_header Content-Type application/json;
|
|
return 200 '${builtins.toJSON server}';
|
|
'';
|
|
|
|
locations."= /.well-known/matrix/client".extraConfig = let
|
|
client = {
|
|
"m.homeserver" = { "base_url" = "https://${domain}:443"; };
|
|
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
|
};
|
|
# ACAO required to allow element-web on any URL to request this json file
|
|
in ''
|
|
add_header Content-Type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
return 200 '${builtins.toJSON client}';
|
|
'';
|
|
|
|
locations."/".extraConfig = ''
|
|
return 404;
|
|
'';
|
|
|
|
# forward all Matrix API calls to the synapse Matrix homeserver
|
|
locations."/_matrix" = {
|
|
proxyPass = "http://127.0.0.1:8008"; # without a trailing /
|
|
};
|
|
};
|
|
|
|
# web client
|
|
"${webui_domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
root = pkgs.element-web.override {
|
|
conf = {
|
|
default_server_config."m.homeserver" = {
|
|
"base_url" = "https://${domain}";
|
|
"server_name" = "${domain}";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# discord bridge
|
|
matrix-appservice-discord = {
|
|
enable = true;
|
|
environmentFile = /secrets/matrix-appservice-discord/tokens.env;
|
|
# The appservice is pre-configured to use SQLite by default.
|
|
# It's also possible to use PostgreSQL.
|
|
settings = {
|
|
bridge = {
|
|
domain = domain;
|
|
homeserverUrl = "https://${domain}";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.extraHosts = ''
|
|
${network.architect-lan} ${domain} ${webui_domain}
|
|
${network.architect-wg} ${domain} ${webui_domain}
|
|
'';
|
|
|
|
}
|