System/machines/pendulum/matrix.nix

{ config, lib, pkgs, ... }:

{
  ## Matrix configuration

  # Create www-html group
  users.groups.www-html.gid = 6848;
  # Add shaurya
  users.users.shaurya = {
    isNormalUser = true;
    home = "/home/shaurya";
    description = "Shaurya";
    extraGroups = [ "www-html" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com"
    ];
    shell = pkgs.nushell;
  };

  # Add www-html for my self
  users.users.nathan = { extraGroups = [ "www-html" ]; };

  # Configure matrix registration
  services.matrix-synapse = {
    settings = {
      enable_registration_captcha = true;
      allow_guest_access = false;
      allow_public_rooms_over_federation = true;
      experimental_features = { spaces_enabled = true; };
      auto_join_rooms =
        [ "#space:community.rs" "#rules:community.rs" "#info:community.rs" ];
      turn_uris = [
        # "turn:turn.community.rs:3478?transport=udp"
        # "turn:turn.community.rs:3478?transport=tcp"
      ];
      # turn_user_lifetime = "1h";
    };
    extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
  };

  # Install our utilties
  environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ];

  # Setup a task to cleanup the database
  systemd.services.synapse-db-cleanup = {
    serviceConfig = {
      Type = "oneshot";
      User = "matrix-synapse";
      Group = "matrix-synapse";
    };
    path = with pkgs; [ matrix-synapse-tools.rust-synapse-compress-state ];
    script = ''
      synapse_auto_compressor -p "user=matrix-synapse password=synapse dbname=synapse host=localhost" -c 500 -n 100
    '';
  };
  # Run the compressor
  systemd.timers.synapse-db-cleanup = {
    wantedBy = [ "timers.target" ];
    partOf = [ "synapse-db-cleanup.service" ];
    timerConfig = {
      # Weekly on sunday mornings
      OnCalendar = "Sun, 5:00";
      Unit = "synapse-db-cleanup.service";
    };
  };

  # Configure the vhost for the domain
  services.nginx.virtualHosts = let fqdn = "matrix.community.rs";
  in {
    "community.rs" = {
      enableACME = true;
      forceSSL = true;

      locations."= /.well-known/matrix/server".extraConfig = let
        # use 443 instead of the default 8448 port to unite
        # the client-server and server-server port for simplicity
        server = { "m.server" = "${fqdn}:443"; };
      in ''
        add_header Content-Type application/json;
        return 200 '${builtins.toJSON server}';
      '';
      locations."= /.well-known/matrix/client".extraConfig = let
        client = {
          "m.homeserver" = { "base_url" = "https://${fqdn}"; };
          "m.identity_server" = { "base_url" = "https://vector.im"; };
        };
        # ACAO required to allow element-web on any URL to request this json file
      in ''
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '${builtins.toJSON client}';
      '';
      locations."/".extraConfig = ''
        rewrite ^(.*)$ http://www.community.rs$1 redirect;
      '';
    };
    # Main domain
    "www.community.rs" = {
      enableACME = true;
      forceSSL = true;
      locations."= /.well-known/matrix/server".extraConfig = let
        # use 443 instead of the default 8448 port to unite
        # the client-server and server-server port for simplicity
        server = { "m.server" = "${fqdn}:443"; };
      in ''
        add_header Content-Type application/json;
        return 200 '${builtins.toJSON server}';
      '';
      locations."= /.well-known/matrix/client".extraConfig = let
        client = {
          "m.homeserver" = { "base_url" = "https://${fqdn}"; };
          "m.identity_server" = { "base_url" = "https://vector.im"; };
        };
        # ACAO required to allow element-web on any URL to request this json file
      in ''
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin *;
        return 200 '${builtins.toJSON client}';
      '';
      root = "/var/www";
    };
  };
}
Begin matrix migration 2023-06-04 12:31:53 -04:00			`{ config, lib, pkgs, ... }:`

			`{`
			`## Matrix configuration`

			`# Create www-html group`
			`users.groups.www-html.gid = 6848;`
			`# Add shaurya`
			`users.users.shaurya = {`
			`isNormalUser = true;`
			`home = "/home/shaurya";`
			`description = "Shaurya";`
			`extraGroups = [ "www-html" ];`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com"`
			`];`
			`shell = pkgs.nushell;`
			`};`

			`# Add www-html for my self`
			`users.users.nathan = { extraGroups = [ "www-html" ]; };`

			`# Configure matrix registration`
			`services.matrix-synapse = {`
			`settings = {`
			`enable_registration_captcha = true;`
			`allow_guest_access = false;`
			`allow_public_rooms_over_federation = true;`
			`experimental_features = { spaces_enabled = true; };`
			`auto_join_rooms =`
			`[ "#space:community.rs" "#rules:community.rs" "#info:community.rs" ];`
			`turn_uris = [`
			`# "turn:turn.community.rs:3478?transport=udp"`
			`# "turn:turn.community.rs:3478?transport=tcp"`
			`];`
			`# turn_user_lifetime = "1h";`
			`};`
			`extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];`
			`};`

			`# Install our utilties`
			`environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ];`

			`# Setup a task to cleanup the database`
			`systemd.services.synapse-db-cleanup = {`
			`serviceConfig = {`
			`Type = "oneshot";`
fix bad user for synapse database cleanup job 2023-06-19 14:59:54 -04:00			`User = "matrix-synapse";`
			`Group = "matrix-synapse";`
Begin matrix migration 2023-06-04 12:31:53 -04:00			`};`
			`path = with pkgs; [ matrix-synapse-tools.rust-synapse-compress-state ];`
			`script = ''`
			`synapse_auto_compressor -p "user=matrix-synapse password=synapse dbname=synapse host=localhost" -c 500 -n 100`
			`'';`
			`};`
fully disable synapse on matrix 2023-06-09 23:10:53 -04:00			`# Run the compressor`
Begin matrix migration 2023-06-04 12:31:53 -04:00			`systemd.timers.synapse-db-cleanup = {`
			`wantedBy = [ "timers.target" ];`
			`partOf = [ "synapse-db-cleanup.service" ];`
			`timerConfig = {`
			`# Weekly on sunday mornings`
			`OnCalendar = "Sun, 5:00";`
			`Unit = "synapse-db-cleanup.service";`
			`};`
			`};`

			`# Configure the vhost for the domain`
Tweak 2023-06-04 15:07:50 -04:00			`services.nginx.virtualHosts = let fqdn = "matrix.community.rs";`
Begin matrix migration 2023-06-04 12:31:53 -04:00			`in {`
oops 2023-06-04 15:06:15 -04:00			`"community.rs" = {`
Begin matrix migration 2023-06-04 12:31:53 -04:00			`enableACME = true;`
			`forceSSL = true;`

			`locations."= /.well-known/matrix/server".extraConfig = let`
			`# use 443 instead of the default 8448 port to unite`
			`# the client-server and server-server port for simplicity`
			`server = { "m.server" = "${fqdn}:443"; };`
			`in ''`
			`add_header Content-Type application/json;`
			`return 200 '${builtins.toJSON server}';`
			`'';`
			`locations."= /.well-known/matrix/client".extraConfig = let`
			`client = {`
			`"m.homeserver" = { "base_url" = "https://${fqdn}"; };`
			`"m.identity_server" = { "base_url" = "https://vector.im"; };`
			`};`
			`# ACAO required to allow element-web on any URL to request this json file`
			`in ''`
			`add_header Content-Type application/json;`
			`add_header Access-Control-Allow-Origin *;`
			`return 200 '${builtins.toJSON client}';`
			`'';`
			`locations."/".extraConfig = ''`
			`rewrite ^(.*)$ http://www.community.rs$1 redirect;`
			`'';`
			`};`
			`# Main domain`
			`"www.community.rs" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."= /.well-known/matrix/server".extraConfig = let`
			`# use 443 instead of the default 8448 port to unite`
			`# the client-server and server-server port for simplicity`
			`server = { "m.server" = "${fqdn}:443"; };`
			`in ''`
			`add_header Content-Type application/json;`
			`return 200 '${builtins.toJSON server}';`
			`'';`
			`locations."= /.well-known/matrix/client".extraConfig = let`
			`client = {`
			`"m.homeserver" = { "base_url" = "https://${fqdn}"; };`
			`"m.identity_server" = { "base_url" = "https://vector.im"; };`
			`};`
			`# ACAO required to allow element-web on any URL to request this json file`
			`in ''`
			`add_header Content-Type application/json;`
			`add_header Access-Control-Allow-Origin *;`
			`return 200 '${builtins.toJSON client}';`
			`'';`
			`root = "/var/www";`
			`};`
			`};`
			`}`