From 03777c3d8c67b8b21155c1cdccb56f451cfee089 Mon Sep 17 00:00:00 2001
From: Silas Schöffel <sils@sils.li>
Date: Tue, 21 Jan 2025 15:04:25 +0100
Subject: feat(modules/matrix): init on server3

---
 system/services/matrix/default.nix | 133 -------------------------------------
 1 file changed, 133 deletions(-)
 delete mode 100644 system/services/matrix/default.nix

(limited to 'system/services/matrix/default.nix')

diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix
deleted file mode 100644
index 043d9c0..0000000
--- a/system/services/matrix/default.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  fqdn = "matrix.vhack.eu";
-  clientConfig."m.homeserver".base_url = "https://${fqdn}";
-  serverConfig."m.server" = "${fqdn}:443";
-  mkWellKnown = data: ''
-    add_header Content-Type application/json;
-    add_header Access-Control-Allow-Origin *;
-    return 200 '${builtins.toJSON data}';
-  '';
-in {
-  networking.firewall.allowedTCPPorts = [80 443];
-
-  vhack.persist.directories = [
-    {
-      directory = "/var/lib/matrix";
-      user = "matrix-synapse";
-      group = "matrix-synapse";
-      mode = "0700";
-    }
-    {
-      directory = "/var/lib/mautrix-whatsapp";
-      user = "mautrix-whatsapp";
-      group = "matrix-synapse";
-      mode = "0750";
-    }
-  ];
-  systemd.tmpfiles.rules = [
-    "d /etc/matrix 0755 matrix-synapse matrix-synapse"
-  ];
-
-  services = {
-    postgresql = {
-      enable = true;
-      initialScript = pkgs.writeText "synapse-init.sql" ''
-        --Matrix:
-        CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
-        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
-          TEMPLATE template0
-          LC_COLLATE = "C"
-          LC_CTYPE = "C";
-
-        --Whatsapp-bridge:
-        CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
-        CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
-          TEMPLATE template0
-          LC_COLLATE = "C"
-          LC_CTYPE = "C";
-      '';
-    };
-
-    nginx = {
-      enable = true;
-      recommendedTlsSettings = true;
-      recommendedOptimisation = true;
-      recommendedGzipSettings = true;
-      recommendedProxySettings = true;
-      virtualHosts = {
-        "vhack.eu" = {
-          enableACME = true;
-          forceSSL = true;
-          locations = {
-            "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-            "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
-          };
-        };
-        "matrix.vhack.eu" = {
-          enableACME = true;
-          forceSSL = true;
-          locations = {
-            "/".return = "404";
-            "/_matrix".proxyPass = "http://[::1]:8008";
-            "/_synapse/client".proxyPass = "http://[::1]:8008";
-          };
-        };
-      };
-    };
-
-    mautrix-whatsapp = {
-      # FIXME(@bpeetz): This was disabled because `mautrix-whatsapp` dependends on libolm.
-      # Re-enable it, when this has changed. <2024-09-06>
-      enable = false;
-      settings = {
-        appservice = {
-          database = {
-            type = "postgres";
-            uri = "postgres:///mautrix-whatsapp?host=/run/postgresql";
-          };
-          whatsapp = {
-            # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list.
-            # This also determines the WhatsApp icon
-            browser_name = "unknown";
-          };
-        };
-        homeserver.address = "https://matrix.vhack.eu";
-        bridge.permissions = {
-          "@soispha:vhack.eu" = "admin";
-          "@sils:vhack.eu" = "admin";
-          "@nightingale:vhack.eu" = "admin";
-        };
-      };
-    };
-
-    matrix-synapse = {
-      enable = true;
-      dataDir = "/var/lib/matrix";
-      configFile = "/etc/matrix/matrix.conf";
-      settings = {
-        media_store_path = "/var/lib/matrix/media_store";
-        registration_shared_secret_path = "${config.age.secrets.matrix-synapse_registration_shared_secret.path}";
-        server_name = "vhack.eu";
-        listeners = [
-          {
-            port = 8008;
-            bind_addresses = ["::1"];
-            type = "http";
-            tls = false;
-            x_forwarded = true;
-            resources = [
-              {
-                names = ["client" "federation"];
-                compress = true;
-              }
-            ];
-          }
-        ];
-      };
-    };
-  };
-}
-- 
cgit 1.4.1