ctucx.git: nixfiles

ctucx' nixfiles

{ pkgs, lib, config, ... }:

{

  # Publish dendrite.ctucx.de as a CNAME for this host's FQDN. The trailing
  # dot is kept from the original, presumably so the target is treated as a
  # fully qualified name (the dns.zones module itself is not shown here).
  dns.zones."ctucx.de".subdomains.dendrite = {
    CNAME = [ "${config.networking.fqdn}." ];
  };

  # Static system group and account for Dendrite; the account's home is the
  # same directory that holds the server's signing key.
  users = {
    groups.dendrite = { };
    users.dendrite = {
      group        = "dendrite";
      home         = "/var/lib/dendrite";
      isSystemUser = true;
    };
  };

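  # Dendrite Matrix homeserver for dendrite.ctucx.de with public registration
  # switched off.
  services.dendrite = {
    enable = true;
    openRegistration = false;

    # KEY=value file loaded into the service environment. It must define
    # REGISTRATION_SHARED_SECRET, live outside the Nix store and this
    # repository, and be readable only by root.
    # Placeholder path: point this at wherever the host provisions secrets.
    environmentFile = "/etc/secrets/dendrite.env";

    settings = {
      global.server_name = "dendrite.ctucx.de";
      # Signing key is referenced by path only; the key material stays on
      # the host and never enters the Nix store.
      global.private_key = "/var/lib/dendrite/private_key.pem";

      # Delegation answers served under /.well-known for federation and
      # client discovery.
      global.well_known_server_name = "dendrite.ctucx.de:443";
      global.well_known_client_name = "https://dendrite.ctucx.de";

      client_api.registration_disabled = true;
      # The shared secret authorises account creation even while normal
      # registration is disabled, so it must not appear as a literal here:
      # anything written in this file is copied to the world-readable Nix
      # store and published with the repository. The value is substituted
      # from environmentFile when the service starts. A secret that was
      # previously committed in plain text has to be treated as disclosed
      # and replaced with a freshly generated one.
      client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
    };
  };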

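  # TLS-terminating reverse proxy for the homeserver, which also serves the
  # Cinny web client from the same origin.
  services.nginx = {
    enable       = true;
    virtualHosts = {
      "${config.services.dendrite.settings.global.server_name}" = {
        # Reuses the certificate issued for the host's FQDN.
        # NOTE(review): that certificate must also cover the Matrix server
        # name; confirm against the ACME configuration, which is not in
        # this file.
        useACMEHost = "${config.networking.fqdn}";
        forceSSL    = true;
        kTLS        = true;
        locations   = {
          # Matrix API and well-known discovery go to the local listener on
          # [::1]:8008 (presumably Dendrite's HTTP port; it is not set
          # explicitly in this file).
          "/.well-known".proxyPass = "http://[::1]:8008";
          "/_matrix".proxyPass = "http://[::1]:8008";
          # Everything else is the static Cinny build, pinned to this
          # homeserver.
          "/".root             = pkgs.cinny.override {
            conf = {
              defaultHomeserver = 0;
              homeserverList    = [ "${config.services.dendrite.settings.global.server_name}" ];
              # Key was misspelled "allowCustomHomesevrers", so Cinny never
              # saw the restriction and would fall back to its default
              # behaviour for custom homeservers.
              allowCustomHomeservers = false;
            };
          };
        };
      };

    };
  };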

}