439 lines
16 KiB
Nix
439 lines
16 KiB
Nix
{ pkgs, lib, config, unstable, ... }:
|
|
let
|
|
fqdn =
|
|
let
|
|
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
|
|
in
|
|
join config.networking.hostName config.networking.domain;
|
|
in
|
|
{
|
|
# Punch a hole in the firewall
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
# Enable postgresql
|
|
services.postgresql.enable = true;
|
|
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
|
|
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
|
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
|
TEMPLATE template0
|
|
LC_COLLATE = "C"
|
|
LC_CTYPE = "C";
|
|
'';
|
|
# configure cert email
|
|
security.acme.email = "thatonelutenist@protonmail.com";
|
|
security.acme.acceptTerms = true;
|
|
# Enable nginx
|
|
services.nginx = {
|
|
enable = true;
|
|
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
|
|
# but the rest make sense as well
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
|
|
virtualHosts = {
|
|
# This host section can be placed on a different host than the rest,
|
|
# i.e. to delegate from the host being accessible as ${config.networking.domain}
|
|
# to another host actually running the Matrix homeserver.
|
|
"${config.networking.domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."= /.well-known/matrix/server".extraConfig =
|
|
let
|
|
# use 443 instead of the default 8448 port to unite
|
|
# the client-server and server-server port for simplicity
|
|
server = { "m.server" = "${fqdn}:443"; };
|
|
in
|
|
''
|
|
add_header Content-Type application/json;
|
|
return 200 '${builtins.toJSON server}';
|
|
'';
|
|
locations."= /.well-known/matrix/client".extraConfig =
|
|
let
|
|
client = {
|
|
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
|
|
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
|
};
|
|
# ACAO required to allow element-web on any URL to request this json file
|
|
in
|
|
''
|
|
add_header Content-Type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
return 200 '${builtins.toJSON client}';
|
|
'';
|
|
locations."/".extraConfig = ''
|
|
rewrite ^(.*)$ http://www.community.rs$1 redirect;
|
|
'';
|
|
};
|
|
|
|
# Reverse proxy for Matrix client-server and server-server communication
|
|
${fqdn} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
# Or do a redirect instead of the 404, or whatever is appropriate for you.
|
|
# But do not put a Matrix Web client here! See the Element web section below.
|
|
locations."/".extraConfig = ''
|
|
rewrite ^(.*)$ http://element.community.rs$1 redirect;
|
|
'';
|
|
|
|
# forward all Matrix API calls to the synapse Matrix homeserver
|
|
locations."/_matrix" = {
|
|
proxyPass = "http://127.0.0.1:8008"; # without a trailing /
|
|
};
|
|
};
|
|
# Main domain
|
|
"www.community.rs" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."= /.well-known/matrix/server".extraConfig =
|
|
let
|
|
# use 443 instead of the default 8448 port to unite
|
|
# the client-server and server-server port for simplicity
|
|
server = { "m.server" = "${fqdn}:443"; };
|
|
in
|
|
''
|
|
add_header Content-Type application/json;
|
|
return 200 '${builtins.toJSON server}';
|
|
'';
|
|
locations."= /.well-known/matrix/client".extraConfig =
|
|
let
|
|
client = {
|
|
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
|
|
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
|
};
|
|
# ACAO required to allow element-web on any URL to request this json file
|
|
in
|
|
''
|
|
add_header Content-Type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
return 200 '${builtins.toJSON client}';
|
|
'';
|
|
|
|
root = "/var/www";
|
|
};
|
|
};
|
|
};
|
|
|
|
# Enable element web
|
|
services.nginx.virtualHosts."element.${fqdn}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
serverAliases = [
|
|
"element.${config.networking.domain}"
|
|
];
|
|
|
|
root = unstable.element-web.override {
|
|
conf = {
|
|
default_server_config."m.homeserver" = {
|
|
"base_url" = "https://${fqdn}";
|
|
"server_name" = "${fqdn}";
|
|
};
|
|
showLabsSettings = true;
|
|
settingDefaults.custom_themes = [
|
|
{
|
|
"name" = "Discord Dark";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#747ff4";
|
|
"primary-color" = "#00aff4";
|
|
"warning-color" = "#ed4245d9";
|
|
"sidebar-color" = "#202225";
|
|
"roomlist-background-color" = "#2f3136";
|
|
"roomlist-text-color" = "#dcddde";
|
|
"roomlist-text-secondary-color" = "#8e9297";
|
|
"roomlist-highlights-color" = "#4f545c52";
|
|
"roomlist-separator-color" = "#40444b";
|
|
"timeline-background-color" = "#36393f";
|
|
"timeline-text-color" = "#dcddde";
|
|
"timeline-text-secondary-color" = "#b9bbbe";
|
|
"timeline-highlights-color" = "#04040512";
|
|
"reaction-row-button-selected-bg-color" = "#b9bbbe";
|
|
};
|
|
}
|
|
{
|
|
"name" = "Dracula Flat";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#bd93f9";
|
|
"primary-color" = "#bd93f9";
|
|
"warning-color" = "#bd93f9";
|
|
"sidebar-color" = "#1e1f29";
|
|
"roomlist-background-color" = "#1e1f29";
|
|
"roomlist-text-color" = "#eeeeee";
|
|
"roomlist-text-secondary-color" = "#eeeeee";
|
|
"roomlist-highlights-color" = "#00000030";
|
|
"roomlist-separator-color" = "#00000000";
|
|
"timeline-background-color" = "#1e1f29";
|
|
"timeline-text-color" = "#eeeeee";
|
|
"timeline-text-secondary-color" = "#dddddd";
|
|
"timeline-highlights-color" = "#00000030";
|
|
"reaction-row-button-selected-bg-color" = "#b9bbbe";
|
|
};
|
|
}
|
|
|
|
{
|
|
"name" = "Dracula";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#bd93f9";
|
|
"primary-color" = "#bd93f9";
|
|
"warning-color" = "#bd93f9";
|
|
"sidebar-color" = "#1e1f29";
|
|
"roomlist-background-color" = "#1e1f29";
|
|
"roomlist-text-color" = "#eeeeee";
|
|
"roomlist-text-secondary-color" = "#eeeeee";
|
|
"roomlist-highlights-color" = "#00000030";
|
|
"roomlist-separator-color" = "#4d4d4d90";
|
|
"timeline-background-color" = "#282A36";
|
|
"timeline-text-color" = "#eeeeee";
|
|
"timeline-text-secondary-color" = "#dddddd";
|
|
"timeline-highlights-color" = "#00000030";
|
|
"reaction-row-button-selected-bg-color" = "#b9bbbe";
|
|
};
|
|
}
|
|
{
|
|
"name" = "Geeko dark theme";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#73ba25";
|
|
"primary-color" = "#35b9ab";
|
|
"warning-color" = "#bf616a";
|
|
|
|
"sidebar-color" = "#2a2a2a";
|
|
"roomlist-background-color" = "#4a4a4a";
|
|
"roomlist-text-color" = "#fff";
|
|
"roomlist-text-secondary-color" = "#ddd";
|
|
"roomlist-highlights-color" = "#2a2a2a";
|
|
"roomlist-separator-color" = "#3a3a3a";
|
|
|
|
"timeline-background-color" = "#3a3a3a";
|
|
"timeline-text-color" = "#eee";
|
|
"timeline-text-secondary-color" = "#6da741";
|
|
"timeline-highlights-color" = "#bf616a";
|
|
"reaction-row-button-selected-bg-color" = "#bf616a";
|
|
};
|
|
}
|
|
{
|
|
"name" = "Luxury Dark theme";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#D9BC00";
|
|
"primary-color" = "#FFDD00";
|
|
"warning-color" = "#FBC403";
|
|
|
|
"sidebar-color" = "#020F1B";
|
|
"roomlist-background-color" = "#011223";
|
|
"roomlist-highlights-color" = "#1E354A";
|
|
"roomlist-separator-color" = "#05192D";
|
|
"roomlist-text-color" = "#FFEC70";
|
|
"roomlist-text-secondary-color" = "#FFF3A4";
|
|
|
|
"timeline-background-color" = "#05192D";
|
|
"timeline-highlights-color" = "#011223";
|
|
"timeline-text-color" = "#FFF3A4";
|
|
"timeline-text-secondary-color" = "#A79000";
|
|
"reaction-row-button-selected-bg-color" = "#FFEC70";
|
|
};
|
|
}
|
|
{
|
|
"name" = "Nord dark theme";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#a3be8c";
|
|
"primary-color" = "#88c0d0";
|
|
"warning-color" = "#bf616a";
|
|
|
|
"sidebar-color" = "#2e3440";
|
|
"roomlist-background-color" = "#3b4252";
|
|
"roomlist-text-color" = "#ebcb8b";
|
|
"roomlist-text-secondary-color" = "#e5e9f0";
|
|
"roomlist-highlights-color" = "#2e3440";
|
|
"roomlist-separator-color" = "#434c5e";
|
|
|
|
"timeline-background-color" = "#434c5e";
|
|
"timeline-text-color" = "#eceff4";
|
|
"timeline-text-secondary-color" = "#81a1c1";
|
|
"timeline-highlights-color" = "#3b4252";
|
|
"reaction-row-button-selected-bg-color" = "#bf616a";
|
|
};
|
|
}
|
|
|
|
{
|
|
"name" = "Nord light theme";
|
|
"is_dark" = false;
|
|
"colors" = {
|
|
"accent-color" = "#a3be8c";
|
|
"primary-color" = "#5e81ac";
|
|
"warning-color" = "#bf616a";
|
|
|
|
"sidebar-color" = "#d8dee9";
|
|
"roomlist-background-color" = "#e5e9f0";
|
|
"roomlist-text-color" = "#d08770";
|
|
"roomlist-text-secondary-color" = "#3b4252";
|
|
"roomlist-highlights-color" = "#eceff4";
|
|
"roomlist-separator-color" = "#eceff4";
|
|
|
|
"timeline-background-color" = "#eceff4";
|
|
"timeline-text-color" = "#2e3440";
|
|
"timeline-text-secondary-color" = "#3b4252";
|
|
"timeline-highlights-color" = "#e5e9f0";
|
|
"reaction-row-button-selected-bg-color" = "#bf616a";
|
|
};
|
|
}
|
|
{
|
|
"name" = "Selenized black theme";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#70b433";
|
|
"primary-color" = "#4695f7";
|
|
"warning-color" = "#ed4a46";
|
|
|
|
"sidebar-color" = "#181818";
|
|
"roomlist-background-color" = "#252525";
|
|
"roomlist-text-color" = "#ffffff";
|
|
"roomlist-text-secondary-color" = "#b9b9b9";
|
|
"roomlist-highlights-color" = "#3b3b3b";
|
|
"roomlist-separator-color" = "#121212";
|
|
|
|
"timeline-background-color" = "#181818";
|
|
"timeline-text-color" = "#FFFFFF";
|
|
"timeline-text-secondary-color" = "#777777";
|
|
"timeline-highlights-color" = "#252525";
|
|
"reaction-row-button-selected-bg-color" = "#4695f7";
|
|
};
|
|
}
|
|
|
|
{
|
|
"name" = "Selenized dark theme";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#41c7b9";
|
|
"primary-color" = "#4695f7";
|
|
"warning-color" = "#fa5750";
|
|
|
|
"sidebar-color" = "#103c48";
|
|
"roomlist-background-color" = "#184956";
|
|
"roomlist-text-color" = "#dbb32d";
|
|
"roomlist-text-secondary-color" = "#FFFFFF";
|
|
"roomlist-highlights-color" = "#2d5b69";
|
|
"roomlist-separator-color" = "#2d5b69";
|
|
|
|
"timeline-background-color" = "#2d5b69";
|
|
"timeline-text-color" = "#FFFFFF";
|
|
"timeline-text-secondary-color" = "#72898f";
|
|
"timeline-highlights-color" = "#184956";
|
|
"reaction-row-button-selected-bg-color" = "#4695f7";
|
|
};
|
|
}
|
|
|
|
|
|
{
|
|
"name" = "Selenized light theme";
|
|
"is_dark" = false;
|
|
"colors" = {
|
|
"accent-color" = "#ad8900";
|
|
"primary-color" = "#009c8f";
|
|
"warning-color" = "#d2212d";
|
|
|
|
"sidebar-color" = "#d5cdb6";
|
|
"roomlist-background-color" = "#ece3cc";
|
|
"roomlist-text-color" = "#c25d1e";
|
|
"roomlist-text-secondary-color" = "#000000";
|
|
"roomlist-highlights-color" = "#fbf3db";
|
|
"roomlist-separator-color" = "#fbf3db";
|
|
|
|
"timeline-background-color" = "#fbf3db";
|
|
"timeline-text-color" = "#000000";
|
|
"timeline-text-secondary-color" = "#777777";
|
|
"timeline-highlights-color" = "#ece3cc";
|
|
"reaction-row-button-selected-bg-color" = "#4695f7";
|
|
};
|
|
}
|
|
{
|
|
"name" = "Solarized Dark";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#b58900";
|
|
"primary-color" = "#268bd2";
|
|
"warning-color" = "#dc322f";
|
|
"sidebar-color" = "#002b36";
|
|
"roomlist-background-color" = "#073642";
|
|
"roomlist-text-color" = "#839496";
|
|
"roomlist-text-secondary-color" = "#93a1a1";
|
|
"roomlist-highlights-color" = "#586e75";
|
|
"timeline-background-color" = "#002b36";
|
|
"timeline-text-color" = "#839496";
|
|
"timeline-text-secondary-color" = "#586e75";
|
|
"timeline-highlights-color" = "#073642";
|
|
"reaction-row-button-selected-bg-color" = "#268bd2";
|
|
};
|
|
}
|
|
{
|
|
"name" = "ThomCat black theme";
|
|
"is_dark" = true;
|
|
"colors" = {
|
|
"accent-color" = "#cc7b19";
|
|
"primary-color" = "#9F8652";
|
|
"warning-color" = "#f9c003";
|
|
"sidebar-color" = "#000000";
|
|
"roomlist-background-color" = "#191919";
|
|
"roomlist-text-color" = "#cc7b19";
|
|
"roomlist-text-secondary-color" = "#e5e5e5";
|
|
"roomlist-highlights-color" = "#323232";
|
|
"roomlist-separator-color" = "#4c4c4c";
|
|
"timeline-background-color" = "#000000";
|
|
"timeline-text-color" = "#e5e5e5";
|
|
"timeline-text-secondary-color" = "#b2b2b2";
|
|
"timeline-highlights-color" = "#212121";
|
|
"reaction-row-button-selected-bg-color" = "#cc7b19";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
# Matrix recaptcha keys
|
|
sops.secrets."matrix-secrets.yaml" = {
|
|
owner = config.users.users.nobody.name;
|
|
group = config.users.users.nobody.name;
|
|
mode = "0440";
|
|
format = "binary";
|
|
sopsFile = ../../secrets/matrix-community-recaptcha;
|
|
};
|
|
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
server_name = config.networking.domain;
|
|
listeners = [
|
|
{
|
|
port = 8008;
|
|
bind_address = "0.0.0.0";
|
|
type = "http";
|
|
tls = false;
|
|
x_forwarded = true;
|
|
resources = [
|
|
{
|
|
names = [ "client" "federation" ];
|
|
compress = false;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
enable_registration = true;
|
|
enable_registration_captcha = true;
|
|
allow_guest_access = false;
|
|
extraConfig = ''
|
|
allow_public_rooms_over_federation: true
|
|
experimental_features: { spaces_enabled: true }
|
|
auto_join_rooms: [ "#space:community.rs" , "#rust:community.rs" , "#rules:community.rs" , "#info:community.rs" ]
|
|
'';
|
|
turn_uris = [ "turn:turn.community.rs:3478?transport=udp" "turn:turn.community.rs:3478?transport=tcp" ];
|
|
turn_user_lifetime = "1h";
|
|
# Configure secrets
|
|
extraConfigFiles = [ config.sops.secrets."matrix-secrets.yaml".path ];
|
|
};
|
|
}
|