ctucx.git: nixfiles

machines/trabbi/matrix-synapse: generate matrix web-configs with nix

diff --git a/machines/trabbi/matrix-synapse.nix b/machines/trabbi/matrix-synapse.nix
@@ -48,8 +48,6 @@
         dynamic_thumbnails              = true;
         enable_registration             = false;
         registration_shared_secret_file = config.age.secrets.matrix-registration_shared_secret.path;
-        url_preview_enabled             = true;
-        url_preview_ip_range_blacklist  = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"];
         listeners = [{
           bind_addresses = [ "::1" ];
           port           = 8008;

@@ -76,17 +74,20 @@
       enable       = true;
       virtualHosts = {
 
-        "ctu.cx" = {
+        "ctu.cx" = let
+          matrixServerConfig = { "m.server" = "matrix.ctu.cx:443"; };
+          matrixClientConfig = { "m.homeserver" = { "base_url" = "https://matrix.ctu.cx"; }; "org.matrix.msc3575.proxy" = { "url" = "https://matrix.ctu.cx"; }; };
+        in {
           enableACME = true;
           forceSSL   = true;
           kTLS       = true;
           locations."/.well-known/matrix/server".extraConfig = ''
             add_header Content-Type application/json;
-            return 200 '{"m.server": "matrix.ctu.cx:443"}';
+            return 200 '${builtins.toJSON matrixServerConfig}';
           '';
           locations."/.well-known/matrix/client".extraConfig = ''
             add_header Content-Type application/json;
-            return 200 '{"m.homeserver": {"base_url": "https://matrix.ctu.cx"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.ctu.cx"}}';
+            return 200 '${builtins.toJSON matrixClientConfig}';
           '';
         };