-rw-r--r-- | nixos/domains.nix | 1 | ||||
-rw-r--r-- | nixos/tente-configuration.nix | 47 |
2 files changed, 46 insertions, 2 deletions
diff --git a/nixos/domains.nix b/nixos/domains.nix
index ec3e06e..576e0de 100644
--- a/nixos/domains.nix
+++ b/nixos/domains.nix
@@ -5,4 +5,5 @@ in
 personalWebsite = domain;
 tailscaleControlServer = "tailscale.${domain}";
 gitWebsite = "git.${domain}";
+ matrixServer = "matrix.${domain}";
 }
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
index 7d81630..b40bc2a 100644
--- a/nixos/tente-configuration.nix
+++ b/nixos/tente-configuration.nix
@@ -124,12 +124,55 @@ in
 };
 };
 
- nginx.virtualHosts.${domains.personalWebsite} = {
+ postgresql = {
+ enable = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser auth-method
+ local sameuser all peer
+ '';
+ };
+
+ matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = domains.personalWebsite;
+ };
+ };
+
+ nginx.virtualHosts.${domains.matrixServer} = {
 enableACME = true;
 forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
+
+ # TODO: add locations."/" with some message
+
+ # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+ # *must not* be used here.
+ locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
+ # Forward requests for e.g. SSO and password-resets.
+ locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
 };
 
+ nginx.virtualHosts.${domains.personalWebsite} =
+ let
+ mkWellKnown = data: ''
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
+ in
+ {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/www/${domains.personalWebsite}";
+
+ locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
+ "m.server" = "${domains.matrixServer}:443";
+ };
+ locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
+ "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
+ };
+ };
+
 nginx.virtualHosts.${domains.gitWebsite} = {
 enableACME = true;
 forceSSL = true;
|
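Review bot: The two `proxyPass` locations under `nginx.virtualHosts.${domains.matrixServer}` set no forwarding headers, so unless `services.nginx.recommendedProxySettings = true;` is already enabled outside this hunk, Synapse receives every request as coming from 127.0.0.1 with no `X-Forwarded-For` or `X-Forwarded-Proto`. That collapses its per-address login rate limiting into a single bucket and makes the client addresses it records for sessions useless during incident review. I would enable `recommendedProxySettings` and add a comment above the locations such as `# /_synapse/admin is deliberately not proxied; keep the admin API off the public vhost.` so that restriction survives later edits. Separately, the `postgresql` block narrows authentication to local peer only, which is a sound default, but nothing visible here creates the Synapse role and database, so the service may not start until that is added; the enclosing attribute set begins and ends outside the hunk.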