ctucx.git: nixfiles

ctucx' nixfiles

{ pkgs, lib, config, ... }:

{

  # Publish dendrite.ctu.cx as a CNAME for this host's FQDN; the trailing dot
  # is appended so the record target is written as an absolute name.
  dns.zones."ctu.cx".subdomains.dendrite = {
    CNAME = [ "${config.networking.fqdn}." ];
  };

  # Encrypted secrets declared for this host. Only the Matrix signing key is
  # active; it is owned by the static "dendrite" account so the service user
  # can read the decrypted file.
  # NOTE(review): no `mode` is set here, so the secrets module's default
  # permissions apply - confirm they are owner-read-only for this key.
  age.secrets.matrix-private-key = {
    owner = "dendrite";
    file  = ./. + "/../../secrets/${config.networking.hostName}/matrix-dendrite/private-key.age";
  };

  # Disabled entries kept for reference. They use a different relative depth
  # (../../../secrets) than the active entry, and matrix-sliding-sync-env is
  # still referenced by services.matrix-synapse.sliding-sync.environmentFile
  # in this file, so it has to be re-declared before that service is enabled.
  #   age.secrets.restic-matrix-synapse.file   = ./. + "/../../../secrets/${config.networking.hostName}/restic/matrix-synapse.age";
  #   age.secrets.matrix-sliding-sync-env.file = ./. + "/../../../secrets/${config.networking.hostName}/matrix-dendrite/sliding-sync-env.age";


  # Sliding-sync proxy settings; the service itself is switched off here.
  # NOTE(review): environmentFile points at the age secret
  # "matrix-sliding-sync-env", whose declaration is commented out in
  # age.secrets. This presumably only evaluates because enable = false;
  # declare the secret again before turning the service on.
  services.matrix-synapse.sliding-sync = {
    enable = false;

    # Listens on IPv6 loopback only; nginx is the intended public entry point.
    settings.SYNCV3_BINDADDR = "[::1]:8009";
    settings.SYNCV3_SERVER   = "https://dendrite.ctu.cx";

    environmentFile = config.age.secrets.matrix-sliding-sync-env.path;
  };

  # Static system account and group for Dendrite. A fixed account name is what
  # lets the age secret above be assigned an owner.
  users = {
    groups.dendrite = {};
    users.dendrite  = {
      group        = "dendrite";
      home         = "/var/lib/dendrite";
      isSystemUser = true;
    };
  };

  # Run the unit as the static "dendrite" account instead of a systemd
  # DynamicUser. mkForce is used so this wins over a DynamicUser value set
  # elsewhere (presumably by the dendrite NixOS module - confirm).
  # NOTE(review): any sandboxing that DynamicUser would have implied is not
  # re-declared here; check the resulting unit's hardening options.
  systemd.services.dendrite.serviceConfig.DynamicUser = lib.mkForce false;
  systemd.services.dendrite.serviceConfig.User        = "dendrite";
  systemd.services.dendrite.serviceConfig.Group       = "dendrite";

  # Dendrite homeserver for dendrite.ctu.cx. Registration is turned off both
  # at the module level and in the client API settings.
  services.dendrite = {
    enable           = true;
    openRegistration = false;

    settings = {
      global = {
        server_name = "dendrite.ctu.cx";

        # Path of the decrypted age secret declared in age.secrets; the key
        # material itself is not embedded in this file.
        private_key = config.age.secrets.matrix-private-key.path;

        # Values for the .well-known delegation answers; nginx below forwards
        # /.well-known to this service.
        well_known_server_name = "dendrite.ctu.cx:443";
        well_known_client_name = "https://dendrite.ctu.cx";
      };

      client_api.registration_disabled = true;
    };
  };

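  # TLS-terminating reverse proxy for dendrite.ctu.cx. It forwards the Matrix
  # endpoints to the loopback listeners and serves the Cinny web client at /.
  services.nginx = {
    enable       = true;
    virtualHosts = {
      "dendrite.ctu.cx" = {
        # Certificate via ACME; forceSSL makes HTTPS the only way to reach the vhost.
        enableACME = true;
        forceSSL   = true;
        kTLS       = true;
        locations  = {
          # Upstreams are plain HTTP on IPv6 loopback ([::1]:8008).
          "/.well-known".proxyPass = "http://[::1]:8008";
          "/_matrix".proxyPass = "http://[::1]:8008";

          # Sliding-sync endpoint, forwarded to the address configured as
          # SYNCV3_BINDADDR. NOTE(review): that service is disabled in this
          # file, so this upstream presumably has no listener right now.
          "/_matrix/client/unstable/org.matrix.msc3575/".proxyPass = "http://[::1]:8009/_matrix/client/unstable/org.matrix.msc3575/";

          # Disabled locations kept for reference:
#            "/_synapse".proxyPass = "http://[::1]:8008";
#            "/admin/".alias = "${pkgs.synapse-admin}/";

          # Cinny web client pinned to this homeserver.
          "/".root             = pkgs.cinny.override {
            conf = {
              defaultHomeserver = 0;
              homeserverList    = [
                "dendrite.ctu.cx"
              ];
              # Fixed spelling: the key was "allowCustomHomesevrers", which is
              # not the name Cinny's config uses, so the restriction to the
              # listed homeserver was presumably not being applied.
              allowCustomHomeservers = false;
            };
          };
        };
      };

    };
  };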
  
}