nixos-config/modules/services/server/matrix.nix

#
# System notifications
#
{ config, lib, pkgs, ... }:
let
# Public hostname of the homeserver. nginx serves it, and both well-known
# documents below point clients and federating servers at it.
fqdn = "matrix.${config.networking.domain}";

# Body of /.well-known/matrix/client: the homeserver base URL plus an
# empty identity-server entry.
clientConfig = {
  "m.homeserver" = {
    base_url = "https://${fqdn}";
  };
  "m.identity_server" = { };
};

# Body of /.well-known/matrix/server: delegates federation traffic for the
# apex domain to port 443 on fqdn.
serverConfig = {
  "m.server" = "${fqdn}:443";
};
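# Builds the nginx directives that answer a .well-known request with `data`
# rendered as JSON.
#  - default_type sets the response Content-Type. The previous
#    `add_header Content-Type` appended a second Content-Type header next to
#    the one nginx already emits for `return`.
#  - The wildcard CORS header lets browser-based clients on any origin read
#    the document; it carries only public discovery data.
#  - An add_header inside a location stops nginx inheriting add_header lines
#    from the enclosing server block, so any security headers set at server
#    level have to be repeated here.
#  - The JSON is spliced into a single-quoted nginx string. builtins.toJSON
#    does not escape `'` or `$`, so `data` must not contain either.
mkWellKnown = data: ''
  default_type application/json;
  add_header Access-Control-Allow-Origin *;
  return 200 '${builtins.toJSON data}';
'';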
in {
# Reverse proxy in front of Synapse: ACME certificates and forced HTTPS on
# both hosts, well-known delegation documents on the apex domain, and the
# Matrix endpoints on fqdn.
services.nginx = {
  enable = true;
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  # Sets the forwarding headers that Synapse trusts through its
  # x_forwarded listener option.
  recommendedProxySettings = true;

  virtualHosts = {
    "${config.networking.domain}" = {
      enableACME = true;
      forceSSL = true;
      locations = {
        "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
        "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
      };
    };

    "${fqdn}" = {
      enableACME = true;
      forceSSL = true;
      locations = {
        # Default deny: any path without a more specific location gets a 404.
        "/".extraConfig = ''
          return 404;
        '';
        # Only these two prefixes are proxied to Synapse. /_synapse/admin has
        # no location of its own, so it falls through to the 404 above and
        # the admin API is not reachable through this proxy.
        "/_matrix".proxyPass = "http://[::1]:8008";
        "/_synapse/client".proxyPass = "http://[::1]:8008";
      };
    };

    # "element.${config.networking.domain}" = {
    # enableACME = true;
    # forceSSL = true;
    #
    # root = pkgs.element-web.override {
    # conf = {
    # default_server_config = clientConfig;
    # };
    # };
    # };
  };
};
# Synapse homeserver. Its only listener is on loopback, so all outside
# traffic has to come through the nginx virtual host for fqdn.
services.matrix-synapse = {
  enable = true;

  settings = {
    server_name = config.networking.domain;
    public_baseurl = "https://${fqdn}";

    listeners = [
      {
        port = 8008;
        # Loopback only: plain HTTP is acceptable here because TLS is
        # terminated by nginx on the same host.
        bind_addresses = [ "::1" ];
        type = "http";
        tls = false;
        # Client addresses are taken from the proxy's forwarding header.
        # This is only trustworthy while nothing but the local proxy can
        # reach the listener; do not widen bind_addresses without
        # revisiting it.
        x_forwarded = true;
        resources = [
          { names = [ "client" ]; compress = true; }
          { names = [ "federation" ]; compress = false; }
        ];
      }
    ];
  };

  # Extra YAML loaded from an age-decrypted file, so its contents stay out
  # of the world-readable Nix store. The file is not shown here; presumably
  # it holds the database credentials and signing/registration secrets.
  extraConfigFiles = [
    config.age.secrets."services/matrix/synapse.yml".path
  ];
};
# agenix entry for the Synapse extra config file. The decrypted copy is
# owned by the matrix-synapse user so the service can read it. No mode is
# set, so the agenix default applies.
# NOTE(review): confirm the default is owner-only.
age.secrets = {
  "services/matrix/synapse.yml" = {
    file = ../../../secrets/services/matrix/synapse.age;
    owner = "matrix-synapse";
  };
};
# Tie Synapse to the local PostgreSQL unit. `requires` pulls the database in
# and stops Synapse if it goes away, but does not order startup by itself.
# NOTE(review): confirm an `after` on postgresql.service comes from the
# Synapse module.
systemd.services.matrix-synapse.requires = [ "postgresql.service" ];
# users = {
# users = {
# mautrix_whatsapp = {
# uid = 3001;
# group = "mautrix_whatsapp";
# isSystemUser = true;
# };
# mautrix_telegram = {
# uid = 3002;
# group = "matrix_appservice_slack";
# isSystemUser = true;
# };
# };
# groups = {
# mautrix_whatsapp = {
# gid = 3001;
# };
# mautrix_telegram = {
# gid = 3002;
# };
# };
# };
}