From 92acadbfd0a588883b20041689abe628bafc3c46 Mon Sep 17 00:00:00 2001
From: Kabbone
Date: Tue, 27 Dec 2022 20:15:39 +0100
Subject: [PATCH] services: finish matrix prototype
---
modules/services/server/matrix.nix | 65 ++++++++++++++++++++++++++--
secrets/services/matrix/synapse.age | Bin 1922 -> 2081 bytes
2 files changed, 62 insertions(+), 3 deletions(-)
diff --git a/modules/services/server/matrix.nix b/modules/services/server/matrix.nix
index 6b4b46d..1e756e8 100644
--- a/modules/services/server/matrix.nix
+++ b/modules/services/server/matrix.nix
@@ -4,17 +4,76 @@ { config, lib, pkgs, ... }: -{ +let + fqdn = "matrix.${config.networking.domain}"; + clientConfig = { + "m.homeserver".base_url = "https://${fqdn}"; + "m.identity_server" = {}; + }; + serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443"; + mkWellKnown = data: '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON data}'; + ''; +in { + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts = { + "${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + }; + "${fqdn}" = { + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' + return 404; + ''; + locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + }; + }; + }; + services.matrix-synapse = { enable = true; settings = { - server_name = "kabtop.de"; - public_baseurl = "https://kabtop.de:8448"; + server_name = config.networking.domain; + listeners = [ + { port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ { + names = [ "client" "federation" ]; + compress = true; + } ]; + } + ]; database.args.user = "synapse"; database.args.database = "synapsedb"; extraConfigFiles = [ config.age.secrets."services/matrix/synapse.yml".path ]; }; + }; + security.acme.certs.${config.services.matrix-synapse.server_name} = { + /* insert here the right configuration to obtain a certificate */ + postRun = "systemctl restart synapse.service"; + group = "synapse"; + }; + + age.secrets."services/matrix/synapse.yml" = { + file = ../../../secrets/services/matrix/synapse.age; + 
owner = "synapse"; + }; } 
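Review bot: The `security.acme.certs.${config.services.matrix-synapse.server_name}` block near the end of the hunk still carries the placeholder comment `/* insert here the right configuration to obtain a certificate */` and reads `server_name` from a different path than the `settings.server_name` used for `serverConfig` above, so it may not evaluate as intended. If it does resolve to `config.networking.domain`, it names the same certificate the nginx vhost requests via `enableACME`, and `group = "synapse"` would then decide which group can read that private key, even though the listener is `tls = false` on `::1` and only nginx terminates TLS. I would drop the block, or at least key it on `config.services.matrix-synapse.settings.server_name` and leave the certificate group to nginx. `postRun = "systemctl restart synapse.service"` and `owner = "synapse"` on the age secret also assume a unit and an account with that name; the stock NixOS module appears to name both `matrix-synapse`, so confirm they exist in this configuration, otherwise the secret may end up unreadable by the service.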
diff --git a/secrets/services/matrix/synapse.age b/secrets/services/matrix/synapse.age index e27dc49378ca7c34a25a89196e34c9d92735bb1f..1895380ae41edf7e3ce664d7645cf0a132cddcca 100644 GIT binary patch delta 2060 zcmZqTUnnp^r`{zgqb#J-)3ne$+_SPE&D_Az*f=v&Kg7_&C)Ynev#``GDY-Bs#~?K# zohvWXFDWe8A}Pv0I9uD&)5Y60z$`4p)5s^HG{?!Qs-hsrIX|S>yg17=luOr6p}06h zx2QN#A*>|Jy&#aw$<#M7qtZ1$OWQXmT|d*=IWXC`pg!5($S=d+IM^}Q+bP)Fugo&9 zvOFT)Jv7uiB{bPR%``ta%Qe@fydoemk1O9L$=x$BOxw^jvZNv{+}%9YHKZajPv1Dw zF+3>3tEeEq!qVH(pw!pgrz#^iIXN)L%Qw}cprSN0JEXEW+=VMLBEl~<)F9k4BcjMT zDafwKB)OJULO@J2$5)!n?FIywtsh%hp*TCG@#WS+fKO)<$)YQw*Dqrjxp&#)@nH8`s@%s=1XGBMxXq_Wu9J;+TvDcLZvR6jX9qbj33 z(|{|~!z854Akw!;KhrDB!a2{>&9Ja6#5t)b)v%&4IG`vmxj4l%I8eK|C^tJfs=~v> zy(rN*r6?k$!Z}F4IHR1)r=%n((lgB`x!$KF%FQ>$C?qJ<+ta%&&Cxx`q}V05s>mZu z-^VnuFf1%1!zk1=$Je@%GIgLIWf&R(>y7}EW@KLC&VMjAUCWqwJ@vL$;~&*EG$3R*o&(wti(Lqyxu=7 zDbd`=(!(*dvdF^Ax!fx-*e^3Z%{MnaJ2yAqr=--_w=5ErnhP?^bPJ43%@op$g3L|J z6&$P53vwI{(k!EbEG)ySB9e`&oXc}vjFKabGb}QFvwS1Nd_28E(=)S+a=F|+E3^Hx zb0VUOy)z;U3-gRBebb6^0}>1C&AbYt63e5sEfX`MLQOoYlE7I9Zdp)ZdTC&wf@7hV zPhpauf24kKrGG|bkY|KTVR5>*et^H9w{~%IaI!&iiiL~2rB|+Z8kbo`L}|7`Vz_gq zPgaCMK~=t4M!1igb5&?^RaBL)OS(&7kc**jVxD7~D_6a)or0}yif(#QYGQG!LcRu9 zN`Pyie`r)%d0vE}aad}oW08-(m!Xq)vQegUSyq+1vxjeZW@M&*K}b-QN2z<1p-Heu zN=2Djsc%+*NvgJ&TRGRVIPc%j?=ShVaHoJ4w@`KW zMsDTh-}Fu{aN`jdI(77=!h>lx!KYb7Z+Dh)y7N8Lu-hf|=YLCg@lH0c3;mBjxi(zC zR^13zeRt{~fo@=I34asU-NF#!8MkGbOKcuXop+ zYi{pfdi|(usNhG_cY5{H6HnDl>YIQ1n?WhtmnUDizOE6?*LoHBuj~2k#M7Q4yj_ZA zoG+Ih+US=r!8&L6h0=FLOR5;UJqvnTwj)+9}~&`a*Av})YB z|C905f}P8C7nGIn++}rF<-YoLl>~+o-gw3G*fLg`g_l?VVRGV^(VclJr~VGJ@5Mlk zLkpq~{11}(yL@8js{YU?^1cs#PZZx<=DOEulhMhi{n_FVdbW1Wkx{#MV|%Pjmv7Dt z$K&s3*6f**dOpK-)0;~tHx~=N<5`*Y<8#5=1#g{2gpOXGvia@Nn`M7~wKhIA35$Gf zJBvB4`L;vv)A7MeTxOxs%5dNM)1TXubZ>cGd=Z-&d$C1O$?3J2q~S^CiT~;y{yH>P zTw8ojl=+R=!JW-nnrU-AE_KUFa>cLQ=12`Ct=O4A-Y)BV zz2r=*?cI;&;d7?yhZKJI7MpS9hkkMR&qX?s#}4pni5+8*c(6ZAw6X5i#)~mbcft-A ze7u)naCBG3(F<{YhQ9xghq!LuaI?Ntn|%@Ak38k~FK;Y5b?5kuRS#!YtTXAEe8IIg 
ZZ|kxL!r#>rHu7(Azg)&@am!ax8US@uL8|}& delta 1899 zcmZ1|(8NDMr#`nh$1%?&%Bw8Pzsxwh%DmFiMc=T>E7d#HFUrr{B_+>NKi$L0&_5;2 zlPe=TEhoy*#oRn1)u-GjD&5t?GtfD}FV!N;H#DT8!q+J`EHA}0$fC?WnM>DBp}06h zx2QN#A*>|Jy&#Y)Cpfn(&BWg~GcYfsBs9XQ%p}RDtiB@D&oV5%q(Zwg!=%I_D=9L= zyC}y!EhISIJ;~d#tjfnFFik%)(zn9Nkt;B~ILA2KEiv6R$*t7DAS}{MKcd{bywE(| zB+Sh$DaWMH)7K}`Ej7o(BV4~Y(B06nDBY*fG`GB>$hokpGMUT7Te~DNyD~$+s<6P) zEXA?1xIU|-C^*k6%fc@$EZ5VdG%!qCJHjc&)FiPY+#}r5)Y37@&A=(R)F;c`s8rvS zE7PMi$IaNN&?zOPG~L}R#X{f6I50F=Ff*U4$jv3$DYLRTGr2U}#m_J-*e^dYJ3qI| zt<1>X!nMH6Ak4q2%rD>FGcvQx&B?r~#I(rG$H>yG+%P+|$Sb^p%dgDO+$WF*!)vslp)2!aLvDxF{{fIG{8u+&#@H#Wd8kLc7G%EzLW^Ezh;Mz|A1Y zqckTwG$<|EJhH$$In9DAGc3S3&C%VrtUjX5+$1!z+{8&c($g|5NZ&cqFgKzsHO;az z-^VjKN!zi)FU--xB{VIm`!p~E?(lIO`kSj66(m68UB_cmKs3f8y(a1eA!>Q8A z%rmsgIKU_0$ilm@%*fm#G~Ly}JToh&DzhxRFu$_It0365JU=xvGMy_eBgDH7*7yC{*EznO z8y7rvx*WIfV#MZ~hf8KW-XMN6-okvA>IL881qXi_?0j-y6Tg`R|6gghZNVKM=f^3u zq$iw+FZ+=raq86El^be5oS5n&xa{!TDaTE|o3^jH>Gh+V!^z^=ovPjw3p8GudO5eh ze#__4`A=&#_w;5FHW4eIPxV|WySu*Y?LRO4UUSmrkbQ^uPI>oidHcE!|E?Q{S0wz< zz0e@T?!3^^sB(SUYBtH8CbN1EtgH^-ys=oO&no|c)+T>GzByC2S6`hdDfjx_^10^Q z?o}6WV{6zTwqjG_wbNc9?~^4N_Fwy9_I1A5n&^+YvE0p*J{0e+fw8Fn+rdwZcc#kR=e}RCK||)S71ympcbihTWi4flS#$c?l|QSOikOz) z)9kwT&i-4`{bmLsmMa%rW|rN!?mqk8j7@ySD++HU#+{M>xcu{+MZ8y%y~+;@y*>M; zymyI6e`@&RgypPV0h<}M|NT5AptHBi_v$~3`i*;@C3*-ssZaUG(!pTquFSc$a}{4_ z?#6jrR{s!s6l3sm&d<9)SIG80UL}&-+8F-1@6G#=Q=g0^&QB7nn%a?U%cHh5!?X7s zTP$<>{3U8)N-^u)TzIRNWA9H$BSncH0+tV z?eZ@FxV9}RT1!-K@R?LzSn=o0qzKQh(849Dyl#7pms;lAtZP1Zv37<3b_u3vwpizD z@fq3`OPPXhM(y!3oL}=)Z~pV`XHu)4?N_Vt*nBrOCQNes-zD3BZT`EzXrIeP+Znqa OE#GKq`h3@m31R^2T=oh8