{ config, lib, pkgs, ... }: { ## Matrix configuration # Create www-html group users.groups.www-html.gid = 6848; # Add shaurya users.users.shaurya = { isNormalUser = true; home = "/home/shaurya"; description = "Shaurya"; extraGroups = [ "www-html" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com" ]; shell = pkgs.nushell; }; # Add www-html for my self users.users.nathan = { extraGroups = [ "www-html" ]; }; # Configure matrix registration services.matrix-synapse = { settings = { enable_registration_captcha = true; allow_guest_access = false; allow_public_rooms_over_federation = true; experimental_features = { spaces_enabled = true; }; auto_join_rooms = [ "#space:community.rs" "#rules:community.rs" "#info:community.rs" ]; turn_uris = [ # "turn:turn.community.rs:3478?transport=udp" # "turn:turn.community.rs:3478?transport=tcp" ]; # turn_user_lifetime = "1h"; }; extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ]; }; # Install our utilties environment.systemPackages = with pkgs; [ matrix-synapse-tools.synadm ]; # Setup a task to cleanup the database systemd.services.synapse-db-cleanup = { serviceConfig = { Type = "oneshot"; User = "postgres"; Group = "postgres"; }; path = with pkgs; [ matrix-synapse-tools.rust-synapse-compress-state ]; script = '' synapse_auto_compressor -p "user=matrix-synapse password=synapse dbname=synapse host=localhost" -c 500 -n 100 ''; }; systemd.timers.synapse-db-cleanup = { wantedBy = [ "timers.target" ]; partOf = [ "synapse-db-cleanup.service" ]; timerConfig = { # Weekly on sunday mornings OnCalendar = "Sun, 5:00"; Unit = "synapse-db-cleanup.service"; }; }; # Configure the vhost for the domain services.nginx.virtualHosts = let fqdn = let join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; in join config.networking.hostName config.networking.domain; in { "community.rs" = { enableACME = true; forceSSL = true; locations."= /.well-known/matrix/server".extraConfig = let # use 443 instead of the default 8448 port to unite # the client-server and server-server port for simplicity server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; ''; locations."= /.well-known/matrix/client".extraConfig = let client = { "m.homeserver" = { "base_url" = "https://${fqdn}"; }; "m.identity_server" = { "base_url" = "https://vector.im"; }; }; # ACAO required to allow element-web on any URL to request this json file in '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON client}'; ''; locations."/".extraConfig = '' rewrite ^(.*)$ http://www.community.rs$1 redirect; ''; }; # Main domain "www.community.rs" = { enableACME = true; forceSSL = true; locations."= /.well-known/matrix/server".extraConfig = let # use 443 instead of the default 8448 port to unite # the client-server and server-server port for simplicity server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; ''; locations."= /.well-known/matrix/client".extraConfig = let client = { "m.homeserver" = { "base_url" = "https://${fqdn}"; }; "m.identity_server" = { "base_url" = "https://vector.im"; }; }; # ACAO required to allow element-web on any URL to request this json file in '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON client}'; ''; root = "/var/www"; }; }; }