# # System notifications # { config, lib, pkgs, ... }: let fqdn = "matrix.${config.networking.domain}"; clientConfig = { "m.homeserver".base_url = "https://${fqdn}"; "m.identity_server" = {}; }; serverConfig."m.server" = "${fqdn}:443"; mkWellKnown = data: '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; in { services.nginx = { enable = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { "${config.networking.domain}" = { enableACME = true; forceSSL = true; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; locations."/_matrix".proxyPass = "http://localhost:8008"; }; "${fqdn}" = { enableACME = true; forceSSL = true; locations."/_matrix".proxyPass = "http://localhost:8008"; locations."/_synapse/client".proxyPass = "http://localhost:8008"; locations."/".extraConfig = '' return 404; ''; }; # "element.${config.networking.domain}" = { # enableACME = true; # forceSSL = true; # # root = pkgs.element-web.override { # conf = { # default_server_config = clientConfig; # }; # }; # }; }; }; services.matrix-synapse = { enable = true; settings = { server_name = config.networking.domain; public_baseurl = "https://matrix.${config.networking.domain}"; listeners = [ { port = 8008; bind_addresses = [ "::1" ]; type = "http"; tls = false; x_forwarded = true; resources = [ { names = [ "client" ]; compress = true; } { names = [ "federation" ]; compress = false; } ]; } ]; }; # app_service_config_files = [ # "/var/lib/matrix-synapse/whatsapp-registration.yaml" # "/var/lib/matrix-synapse/telegram-registration.yaml" # "/var/lib/matrix-synapse/signal-registration.yaml" # ]; extraConfigFiles = [ config.age.secrets."services/matrix/synapse.yml".path ]; }; age.secrets."services/matrix/synapse.yml" = { file = ../../../secrets/services/matrix/synapse.age; owner = "matrix-synapse"; }; systemd.services = { matrix-synapse = { requires = [ "postgresql.service" ]; }; }; users = { users = { mautrix_whatsapp = { uid = 3001; group = "mautrix_whatsapp"; isSystemUser = true; }; mautrix_telegram = { uid = 3002; group = "mautrix_telegram"; isSystemUser = true; }; mautrix_signal = { uid = 3003; group = "mautrix_signal"; isSystemUser = true; }; }; groups = { mautrix_whatsapp = { gid = 3001; }; mautrix_telegram = { gid = 3002; }; mautrix_signal = { gid = 3003; }; }; }; services = { mautrix-telegram = { enable = true; environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path settings = { homeserver = { address = "http://localhost:8008"; domain = "kabtop.de"; }; appservice = { hostname = "127.0.0.1"; database = "postgres://${mautrixteledb}"; provisioning.enabled = false; id = "telegram"; public = { enabled = false; }; }; bridge = { sync_channel_members = true; startup_sync = true; public_portals = true; double_puppet_server_map = { "kabtop.de: https://kabtop.de"; }; encryption = { allow = true; default = true; verification_levels = { receive = "cross-signed-untrusted"; send = "cross-signed-untrusted"; }; }; private_chat_portal_meta = true; backfill = { disable_notifications = true; }; permissions = { "@kabbone:kabtop.de" = "admin"; }; }; telegram = { api_id = ${telegram-api_id}; api_hash = ${telegram-api_hash}; bot_token = ${telegram-bot_token}; }; }; }; }; age.secrets."services/matrix/mautrix-telegram.env" = { file = ../../../secrets/services/matrix/mautrix-telegram.age; owner = "mautrix-telegram"; }; }