58 lines
1.6 KiB
Nix
58 lines
1.6 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
flakes,
|
|
...
|
|
}:
|
|
with lib; let
|
|
subdomain = "matrix.posixlycorrect.com";
|
|
baseUrl = "https://${subdomain}";
|
|
in {
|
|
# ver https://nixos.org/manual/nixos/stable/#module-services-matrix
|
|
services = {
|
|
matrix-conduit = {
|
|
enable = true;
|
|
package = flakes.conduwuit.packages.${pkgs.system}.default;
|
|
settings.global = {
|
|
address = "::1";
|
|
port = 6167;
|
|
allow_encryption = true;
|
|
allow_federation = true;
|
|
allow_registration = false;
|
|
database_backend = "rocksdb";
|
|
server_name = "posixlycorrect.com";
|
|
allow_check_for_updates = true;
|
|
new_user_displayname_suffix = "";
|
|
};
|
|
};
|
|
|
|
nginx.virtualHosts = let
|
|
clientConfig."m.homeserver".base_url = baseUrl;
|
|
serverConfig."m.server" = "${subdomain}:443";
|
|
mkWellKnown = data: ''
|
|
default_type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
return 200 '${builtins.toJSON data}';
|
|
'';
|
|
in {
|
|
"posixlycorrect.com" = {
|
|
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
|
|
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
|
|
};
|
|
"${subdomain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
extraConfig = ''
|
|
proxy_headers_hash_max_size 512;
|
|
proxy_headers_hash_bucket_size 128;
|
|
'';
|
|
locations."/".extraConfig = ''
|
|
return 403;
|
|
'';
|
|
locations."/_matrix".proxyPass = "http://[::1]:6167";
|
|
locations."/_synapse/client".proxyPass = "http://[::1]:6167";
|
|
};
|
|
};
|
|
};
|
|
}
|