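{ config, lib, pkgs, ... }:

# Matrix (Synapse) host: local accounts, Synapse settings, a weekly
# state-compression job, and the nginx vhosts that publish the Matrix
# .well-known delegation documents for community.rs.
{
  ## Matrix configuration

  # Create www-html group
  users.groups.www-html.gid = 6848;

  # Add shaurya
  users.users.shaurya = {
    isNormalUser = true;
    home = "/home/shaurya";
    description = "Shaurya";
    extraGroups = [ "www-html" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com"
    ];
    shell = pkgs.nushell;
  };

  # Add www-html for my self
  users.users.nathan = { extraGroups = [ "www-html" ]; };

  # Configure matrix registration
  services.matrix-synapse = {
    settings = {
      # Registration is gated behind a CAPTCHA; guest accounts are not admitted.
      enable_registration_captcha = true;
      allow_guest_access = false;
      allow_public_rooms_over_federation = true;
      experimental_features = { spaces_enabled = true; };
      auto_join_rooms =
        [ "#space:community.rs" "#rules:community.rs" "#info:community.rs" ];
      turn_uris = [
        # "turn:turn.community.rs:3478?transport=udp"
        # "turn:turn.community.rs:3478?transport=tcp"
      ];
      # turn_user_lifetime = "1h";
    };
    # Sensitive Synapse settings are kept in a sops-managed file instead of
    # this module, which is rendered into the world-readable Nix store.
    extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
  };

  # Install our utilties
  environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ];

  # Connection string for the compressor, delivered through systemd's
  # credential mechanism. The previous version inlined
  # "password=..." in `script`, which ends up in the Nix store where any
  # local user can read it.
  # NOTE(review): this secret name is introduced here (it is not part of the
  # original config) and must be added to the sops file. Its value is the full
  # libpq conninfo, e.g.
  #   user=matrix-synapse password=<PLACEHOLDER> dbname=synapse host=localhost
  sops.secrets."synapse-db-conninfo" = { };

  # Setup a task to cleanup the database
  systemd.services.synapse-db-cleanup = {
    serviceConfig = {
      Type = "oneshot";
      User = "matrix-synapse";
      Group = "matrix-synapse";
      # Read by systemd as root and exposed to the unit as
      # $CREDENTIALS_DIRECTORY/db-conninfo for the service user only.
      LoadCredential =
        [ "db-conninfo:${config.sops.secrets."synapse-db-conninfo".path}" ];
    };
    path = with pkgs; [ matrix-synapse-tools.rust-synapse-compress-state ];
    # NOTE(review): the tool is only known here to accept the conninfo via -p,
    # so the string is still visible in the job's argument list while it runs;
    # switch to a file/environment option if the tool provides one.
    script = ''
      synapse_auto_compressor -p "$(cat "$CREDENTIALS_DIRECTORY/db-conninfo")" -c 500 -n 100
    '';
  };

  # Run the compressor
  systemd.timers.synapse-db-cleanup = {
    wantedBy = [ "timers.target" ];
    partOf = [ "synapse-db-cleanup.service" ];
    timerConfig = {
      # Weekly on sunday mornings
      OnCalendar = "Sun, 5:00";
      Unit = "synapse-db-cleanup.service";
    };
  };

  # Configure the vhost for the domain
  services.nginx.virtualHosts = let
    fqdn = "matrix.community.rs";

    # Delegation documents, identical on the apex and www vhosts; defined once
    # so the two cannot drift apart.
    wellKnownLocations = {
      "= /.well-known/matrix/server".extraConfig = let
        # use 443 instead of the default 8448 port to unite
        # the client-server and server-server port for simplicity
        server = { "m.server" = "${fqdn}:443"; };
      in ''
        add_header Content-Type application/json;
        return 200 '${builtins.toJSON server}';
      '';

      "= /.well-known/matrix/client".extraConfig = let
        client = {
          "m.homeserver" = { "base_url" = "https://${fqdn}"; };
          "m.identity_server" = { "base_url" = "https://vector.im"; };
        };
        # ACAO required to allow element-web on any URL to request this json file
      in ''
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '${builtins.toJSON client}';
      '';
    };
  in {
    "community.rs" = {
      enableACME = true;
      forceSSL = true;
      locations = wellKnownLocations // {
        # Everything else goes to the main site. This used to redirect to
        # http://, bouncing the client through plain HTTP before www's
        # forceSSL upgraded it again; send it straight to HTTPS.
        "/".extraConfig = ''
          rewrite ^(.*)$ https://www.community.rs$1 redirect;
        '';
      };
    };

    # Main domain
    "www.community.rs" = {
      enableACME = true;
      forceSSL = true;
      locations = wellKnownLocations;
      root = "/var/www";
    };
  };
}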