authorMartin Fischer <martin@push-f.com>2024-12-18 11:45:26 +0100
committerMartin Fischer <martin@push-f.com>2024-12-18 15:17:06 +0100
commit5fd883a0a0f3669f1d4a6eb3711cf23f0cd04019 (patch)
treef6a403ee61ebf0e023d5ef6cf6e16bdda4eba0d0
parent406754f87308c6df7b2220997744f9eab3233505 (diff)
tente: add matrix-synapse
-rw-r--r--nixos/domains.nix1
-rw-r--r--nixos/tente-configuration.nix47
2 files changed, 46 insertions, 2 deletions
diff --git a/nixos/domains.nix b/nixos/domains.nix
index ec3e06e..576e0de 100644
--- a/nixos/domains.nix
+++ b/nixos/domains.nix
@@ -5,4 +5,5 @@ in
personalWebsite = domain;
tailscaleControlServer = "tailscale.${domain}";
gitWebsite = "git.${domain}";
+ matrixServer = "matrix.${domain}";
}
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
index 7d81630..b40bc2a 100644
--- a/nixos/tente-configuration.nix
+++ b/nixos/tente-configuration.nix
@@ -124,12 +124,55 @@ in
};
};
- nginx.virtualHosts.${domains.personalWebsite} = {
+ postgresql = {
+ enable = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser auth-method
+ local sameuser all peer
+ '';
+ };
+
+ matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = domains.personalWebsite;
+ };
+ };
+
+ nginx.virtualHosts.${domains.matrixServer} = {
enableACME = true;
forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
+
+ # TODO: add locations."/" with some message
+
+ # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+ # *must not* be used here.
+ locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
+ # Forward requests for e.g. SSO and password-resets.
+ locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
};
+ nginx.virtualHosts.${domains.personalWebsite} =
+ let
+ mkWellKnown = data: ''
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
+ in
+ {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/www/${domains.personalWebsite}";
+
+ locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
+ "m.server" = "${domains.matrixServer}:443";
+ };
+ locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
+ "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
+ };
+ };
+
nginx.virtualHosts.${domains.gitWebsite} = {
enableACME = true;
forceSSL = true;
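Review bot: The two `proxyPass` locations for `/_matrix` and `/_synapse/client` forward to Synapse with no proxy headers visible in the hunk, so unless `recommendedProxySettings` is enabled elsewhere in this file, Synapse will presumably see every client as 127.0.0.1. That would take the real source address out of its per-IP rate limiting and its login and audit logs. I would set `nginx.recommendedProxySettings = true;`, or add `proxy_set_header X-Forwarded-For $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;` through `extraConfig` on both locations. Separately, the `postgresql.authentication` override limits access to peer auth over the local socket, but nothing in the hunk creates the database and role Synapse needs; if they are created by hand, a comment such as `# database and role for matrix-synapse are created manually (Synapse requires C collation)` would record that. The enclosing attribute set starts and ends outside the hunk.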