System/machines/pendulum/matrix.nix

124 lines
4.0 KiB
Nix
Raw Normal View History

2023-06-04 12:31:53 -04:00
{ config, lib, pkgs, ... }:
{
## Matrix configuration
# Create www-html group
users.groups.www-html.gid = 6848;
# Add shaurya
users.users.shaurya = {
isNormalUser = true;
home = "/home/shaurya";
description = "Shaurya";
extraGroups = [ "www-html" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com"
];
shell = pkgs.nushell;
};
# Add www-html for my self
users.users.nathan = { extraGroups = [ "www-html" ]; };
# Configure matrix registration
services.matrix-synapse = {
settings = {
enable_registration_captcha = true;
allow_guest_access = false;
allow_public_rooms_over_federation = true;
experimental_features = { spaces_enabled = true; };
auto_join_rooms =
[ "#space:community.rs" "#rules:community.rs" "#info:community.rs" ];
turn_uris = [
# "turn:turn.community.rs:3478?transport=udp"
# "turn:turn.community.rs:3478?transport=tcp"
];
# turn_user_lifetime = "1h";
};
extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
};
# Install our utilties
environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ];
# Setup a task to cleanup the database
systemd.services.synapse-db-cleanup = {
serviceConfig = {
Type = "oneshot";
User = "matrix-synapse";
Group = "matrix-synapse";
2023-06-04 12:31:53 -04:00
};
path = with pkgs; [ matrix-synapse-tools.rust-synapse-compress-state ];
script = ''
synapse_auto_compressor -p "user=matrix-synapse password=synapse dbname=synapse host=localhost" -c 500 -n 100
'';
};
2023-06-09 23:10:53 -04:00
# Run the compressor
2023-06-04 12:31:53 -04:00
systemd.timers.synapse-db-cleanup = {
wantedBy = [ "timers.target" ];
partOf = [ "synapse-db-cleanup.service" ];
timerConfig = {
# Weekly on sunday mornings
OnCalendar = "Sun, 5:00";
Unit = "synapse-db-cleanup.service";
};
};
# Configure the vhost for the domain
2023-06-04 15:07:50 -04:00
services.nginx.virtualHosts = let fqdn = "matrix.community.rs";
2023-06-04 12:31:53 -04:00
in {
2023-06-04 15:06:15 -04:00
"community.rs" = {
2023-06-04 12:31:53 -04:00
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."/".extraConfig = ''
rewrite ^(.*)$ http://www.community.rs$1 redirect;
'';
};
# Main domain
"www.community.rs" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
root = "/var/www";
};
};
}