| -rw-r--r-- | system/file_system_layouts/default.nix | 4 | ||||
| -rw-r--r-- | system/services/default.nix | 5 | ||||
| -rw-r--r-- | system/services/matrix/conduit/default.nix | 125 | ||||
| -rw-r--r-- | system/services/matrix/default.nix | 5 | 
4 files changed, 2 insertions, 137 deletions
|
diff --git a/system/file_system_layouts/default.nix b/system/file_system_layouts/default.nix
index ed18892..31b0b0b 100644
--- a/system/file_system_layouts/default.nix
+++ b/system/file_system_layouts/default.nix
@@ -44,10 +44,6 @@ in {
 device = "/srv/acme";
 options = ["bind"];
 };
- "/var/lib/matrix-conduit" = {
- device = "/srv/matrix-conduit";
- options = ["bind"];
- };
 };
 };
 }
diff --git a/system/services/default.nix b/system/services/default.nix
index 761902c..d80bdab 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,13 +1,12 @@
 {config, ...}: {
 imports = [
 ./acme
- ./fail2ban
- #./firewall
- ./matrix
+ # ./firewall
 #./minecraft
 ./nginx
 ./nix
 ./opensshd
 ./rust-motd
+ ./fail2ban
 ];
 }
diff --git a/system/services/matrix/conduit/default.nix b/system/services/matrix/conduit/default.nix
deleted file mode 100644
index e583ca4..0000000
--- a/system/services/matrix/conduit/default.nix
+++ /dev/null
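Review bot: After this change no module visible in the commit opens firewall ports any more: `# ./firewall` stays commented out in the import list of `system/services/default.nix`, and the deleted `system/services/matrix/conduit/default.nix` was where `networking.firewall.allowedTCPPorts = [80 443 8448]` was set. Closing 8448 and the UDP entries is the right reduction, but if `./nginx` or `./acme` (not shown here) do not open 80 and 443 themselves, the remaining virtual hosts and certificate renewal may become unreachable on the next rebuild, so that is worth confirming. I would also record why the firewall module is off, e.g. `# ./firewall  # disabled: <reason>`. Separately, dropping the bind mount in `system/file_system_layouts/default.nix` presumably leaves the old homeserver database in `/srv/matrix-conduit` on disk until it is removed by hand.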
@@ -1,125 +0,0 @@
-# vim: ts=2
-{
- config,
- pkgs,
- flake-inputs,
- ...
-}: let
- server_name = "vhack.eu";
-
- matrix_hostname = "matrix.${server_name}";
-
- well_known_server = pkgs.writeText "well-known-matrix-server" ''
- {
- "m.server": "${matrix_hostname}"
- }
- '';
-
- well_known_client = pkgs.writeText "well-known-matrix-client" ''
- {
- "m.homeserver": {
- "base_url": "https://${matrix_hostname}"
- }
- }
- '';
-in {
- services.matrix-conduit = {
- enable = true;
-
- settings.global = {
- inherit server_name;
- database_backend = "rocksdb";
- trusted_servers = ["matrix.org" "sils.li" "asra.gr"];
- allow_registration = false;
- };
- };
-
- # Configure NGINX as a reverse proxy
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
-
- virtualHosts = {
- "${matrix_hostname}" = {
- forceSSL = true;
- enableACME = true;
-
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "::0";
- port = 443;
- ssl = true;
- }
- {
- addr = "::0";
- port = 8448;
- ssl = true;
- }
- ];
-
- locations."/_matrix/" = {
- proxyPass = "http://backend_conduit$request_uri";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_buffering off;
- '';
- };
-
- extraConfig = ''
- merge_slashes off;
- '';
- };
-
- "${server_name}" = {
- forceSSL = true;
- enableACME = true;
-
- locations."=/.well-known/matrix/server" = {
- # Use the contents of the derivation built previously
- alias = "${well_known_server}";
-
- extraConfig = ''
- # Set the header since by default NGINX thinks it's just bytes
- default_type application/json;
- '';
- };
-
- locations."=/.well-known/matrix/client" = {
- # Use the contents of the derivation built previously
- alias = "${well_known_client}";
-
- extraConfig = ''
- # Set the header since by default NGINX thinks it's just bytes
- default_type application/json;
-
- # https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
- add_header Access-Control-Allow-Origin "*";
- '';
- };
- };
- };
-
- upstreams = {
- "backend_conduit" = {
- servers = {
- "localhost:${toString config.services.matrix-conduit.settings.global.port}" = {};
- };
- };
- };
- };
-
- # Open firewall ports for HTTP, HTTPS, and Matrix federation
- networking.firewall.allowedTCPPorts = [80 443 8448];
- networking.firewall.allowedUDPPorts = [80 443 8448];
-}
diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix
deleted file mode 100644
index 7f2a357..0000000
--- a/system/services/matrix/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{config, ...}: {
- imports = [
- ./conduit
- ];
-}
|
