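# NixOS module: Dendrite Matrix homeserver for dendrite.ctu.cx, reverse-proxied
# by nginx, with the Cinny web client served from the site root.
{ pkgs, lib, config, ... }:

{
  # dendrite.ctu.cx is an alias for this host's FQDN.
  dns.zones."ctu.cx".subdomains.dendrite.CNAME = [ "${config.networking.fqdn}." ];

  age.secrets = {
    # restic-matrix-synapse.file = ./. + "/../../../secrets/${config.networking.hostName}/restic/matrix-synapse.age";
    # matrix-sliding-sync-env.file = ./. + "/../../../secrets/${config.networking.hostName}/matrix-dendrite/sliding-sync-env.age";

    # Used below as Dendrite's global.private_key. Owned by the dendrite user,
    # which is also the user the service is configured to run as.
    matrix-private-key = {
      file = ./. + "/../../secrets/${config.networking.hostName}/matrix-dendrite/private-key.age";
      owner = "dendrite";
    };
  };

  # Sliding-sync proxy, currently switched off.
  # NOTE(review): environmentFile points at age secret "matrix-sliding-sync-env",
  # whose declaration is commented out above. Restore that secret before
  # setting enable = true, otherwise the attribute lookup will fail.
  services.matrix-synapse.sliding-sync = {
    enable = false;
    environmentFile = config.age.secrets.matrix-sliding-sync-env.path;
    settings = {
      SYNCV3_SERVER = "https://dendrite.ctu.cx";
      SYNCV3_BINDADDR = "[::1]:8009";
    };
  };

  # Static system account for the service.
  users.groups.dendrite = {};
  users.users.dendrite = {
    isSystemUser = true;
    home = "/var/lib/dendrite";
    group = "dendrite";
  };

  # Override the upstream unit's DynamicUser with the static account above;
  # presumably so the uid matches the owner of the private-key secret.
  systemd.services.dendrite.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "dendrite";
    Group = "dendrite";
  };

  services.dendrite = {
    enable = true;
    # Registration is disabled both at the module level and in the client API.
    openRegistration = false;
    settings = {
      global.server_name = "dendrite.ctu.cx";
      global.private_key = config.age.secrets.matrix-private-key.path;
      global.well_known_server_name = "dendrite.ctu.cx:443";
      global.well_known_client_name = "https://dendrite.ctu.cx";
      client_api.registration_disabled = true;
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "dendrite.ctu.cx" = {
        # HTTPS only, with an ACME-issued certificate.
        enableACME = true;
        forceSSL = true;
        kTLS = true;
        locations = {
          # Loopback backend on port 8008; presumably Dendrite's HTTP
          # listener (the port is not set in this file, so confirm).
          "/.well-known".proxyPass = "http://[::1]:8008";
          "/_matrix".proxyPass = "http://[::1]:8008";

          # Port 8009 is the sliding-sync SYNCV3_BINDADDR. While sliding-sync
          # is disabled, nothing configured in this file listens there.
          "/_matrix/client/unstable/org.matrix.msc3575/".proxyPass = "http://[::1]:8009/_matrix/client/unstable/org.matrix.msc3575/";

          # "/_synapse".proxyPass = "http://[::1]:8008";
          # "/admin/".alias = "${pkgs.synapse-admin}/";

          # Cinny web client pinned to this homeserver.
          "/".root = pkgs.cinny.override {
            conf = {
              defaultHomeserver = 0;
              homeserverList = [ "dendrite.ctu.cx" ];
              # Was misspelled "allowCustomHomesevrers". A misspelled key is
              # presumably ignored by Cinny, so the restriction to the
              # homeservers listed above would not have been applied.
              allowCustomHomeservers = false;
            };
          };
        };
      };
    };
  };
}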