Diffstat (limited to 'system')
-rw-r--r-- | system/secrets/default.nix | 6 | ||||
-rw-r--r-- | system/secrets/matrix-synapse/passwd.age | 14 | ||||
-rw-r--r-- | system/services/default.nix | 1 | ||||
-rw-r--r-- | system/services/matrix/default.nix | 133 |
4 files changed, 0 insertions, 154 deletions
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index a8071eb..ab89942 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -7,12 +7,6 @@
 owner = "root";
 group = "root";
 };
- matrix-synapse_registration_shared_secret = {
- file = ./matrix-synapse/passwd.age;
- mode = "700";
- owner = "matrix-synapse";
- group = "matrix-synapse";
- };
 resticpass = {
 file = ./backup/backuppass.age;
 mode = "0700";
diff --git a/system/secrets/matrix-synapse/passwd.age b/system/secrets/matrix-synapse/passwd.age
deleted file mode 100644
index bf8b576..0000000
--- a/system/secrets/matrix-synapse/passwd.age
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZMmVseVg2dGVvWUFWTzd6
-UWtrZFJoQnViYllWb0dBdDA0NTZHaXg5S0c0CmdEYmJlTFFqck1OaHVQdVVtbEtT
-a2RrV3N1ZysvUFhOWUE3TFFuVURuWGcKLT4gWDI1NTE5IEp2amhvcEtiYktjTWpD
-bU1iWGpGWnJVNjhhY1o1d2hkZ3JzVFFJVVJIbncKanR0cDJ5RTJVK2tmRUJ1ZFZz
-TWdERGk1L1dzTFF2VVlFTzN4UHFtWVMyUQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
-d1E1aW5BcUsvUEJPZVRUSUtPOVArZGFzRTBwK1cvVTlrbG8vMGl5a0NDRQo2clg2
-U1JTb1ZOVmNnQTFOa1J2Z3dsNGRXMERST0NkYWw4cG16TnhRTjh3Ci0+IDp7Q2Mt
-Z3JlYXNlIF8gPzZbIDYgby5QNUIKZE01WitsUWJSdmhPNFk5Yng2dktoaW8xbndM
-L3luT2RmTEpBaTczbHlWTS81bytkNGQvckVTbjMvd3RWeWlleQo3RUpHCi0tLSB3
-Z0tZRmNxeThCMHlPOVVqSFZHaWQ0OGFpTEUrdENmVWwzVHEzNzZhdGhvCm8fAu6t
-6CJU7gUglt6INcFhfkTI4TZPESnsEb+2XD3gPDaO9zKfxZgTudksfBZLrbDvr3xr
-YM1Og84ogdIr6f2dUq3AOxrTZv1zKyy6rXOmusfOiBTr0D8hvx8J8K695xk=
------END AGE ENCRYPTED FILE-----
diff --git a/system/services/default.nix b/system/services/default.nix
index 967bad0..d78ee28 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -2,7 +2,6 @@
 imports = [
 ./invidious
 ./mail
- ./matrix
 ./minecraft
 ./restic
 ./taskserver
diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix
deleted file mode 100644
index 043d9c0..0000000
--- a/system/services/matrix/default.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- fqdn = "matrix.vhack.eu";
- clientConfig."m.homeserver".base_url = "https://${fqdn}";
- serverConfig."m.server" = "${fqdn}:443";
- mkWellKnown = data: ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON data}';
- '';
-in {
- networking.firewall.allowedTCPPorts = [80 443];
-
- vhack.persist.directories = [
- {
- directory = "/var/lib/matrix";
- user = "matrix-synapse";
- group = "matrix-synapse";
- mode = "0700";
- }
- {
- directory = "/var/lib/mautrix-whatsapp";
- user = "mautrix-whatsapp";
- group = "matrix-synapse";
- mode = "0750";
- }
- ];
- systemd.tmpfiles.rules = [
- "d /etc/matrix 0755 matrix-synapse matrix-synapse"
- ];
-
- services = {
- postgresql = {
- enable = true;
- initialScript = pkgs.writeText "synapse-init.sql" ''
- --Matrix:
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
-
- --Whatsapp-bridge:
- CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
- CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- };
-
- nginx = {
- enable = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
- virtualHosts = {
- "vhack.eu" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
- "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
- };
- };
- "matrix.vhack.eu" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".return = "404";
- "/_matrix".proxyPass = "http://[::1]:8008";
- "/_synapse/client".proxyPass = "http://[::1]:8008";
- };
- };
- };
- };
-
- mautrix-whatsapp = {
- # FIXME(@bpeetz): This was disabled because `mautrix-whatsapp` dependends on libolm.
- # Re-enable it, when this has changed. <2024-09-06>
- enable = false;
- settings = {
- appservice = {
- database = {
- type = "postgres";
- uri = "postgres:///mautrix-whatsapp?host=/run/postgresql";
- };
- whatsapp = {
- # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list.
- # This also determines the WhatsApp icon
- browser_name = "unknown";
- };
- };
- homeserver.address = "https://matrix.vhack.eu";
- bridge.permissions = {
- "@soispha:vhack.eu" = "admin";
- "@sils:vhack.eu" = "admin";
- "@nightingale:vhack.eu" = "admin";
- };
- };
- };
-
- matrix-synapse = {
- enable = true;
- dataDir = "/var/lib/matrix";
- configFile = "/etc/matrix/matrix.conf";
- settings = {
- media_store_path = "/var/lib/matrix/media_store";
- registration_shared_secret_path = "${config.age.secrets.matrix-synapse_registration_shared_secret.path}";
- server_name = "vhack.eu";
- listeners = [
- {
- port = 8008;
- bind_addresses = ["::1"];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = ["client" "federation"];
- compress = true;
- }
- ];
- }
- ];
- };
- };
- };
-} |