nyxtumops/domains/openvolt.tk/services/matrix-synapse.nix.wip
Jacob Hrbek 8cc1197dda Alpha release on request
Signed-off-by: Jacob Hrbek <kreyren@fsfe.org>
2021-09-05 08:02:09 +02:00


# Reference(Krey): https://nixos.org/manual/nixos/stable/index.html#module-services-matrix-synapse
# Reference(Krey): https://web.archive.org/web/20210418105434/https://github.com/matrix-org/synapse/blob/master/docs/ACME.md
# Reference(Krey): https://matrix.org/blog/2016/02/10/advanced-synapse-setup-with-lets-encrypt
# Reference(Krey): The wiki page https://nixos.wiki/wiki/Matrix
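{ config, lib, pkgs, ... }:
let
  cfg = config.services.matrix-synapse;
  fqdn = config.networking.fqdn;
in {
  # Open the HTTP/HTTPS ports only while synapse (and with it nginx) is enabled.
  # Port 80 is needed for the ACME HTTP-01 challenge, 443 for the nginx front-end.
  # ${services.matrix-synapse.listeners."${config.networking.fqdn}".port}
  # NOTE(review): the synapse listener port itself is not opened here; only the
  # nginx front-end is exposed to the network.
  networking.firewall.allowedTCPPorts = lib.optionals cfg.enable [ 80 443 ];

  # NOTE(Krey): synapse requires a PostgreSQL database.
  services.postgresql.enable = cfg.enable;

  # DND(Krey): Resolve the password in a safe way
  # NOTE(review): pkgs.writeText places this script in the Nix store, which is
  # world-readable, so the literal password below is visible to every local user.
  # Only create the role and database when synapse is actually enabled
  # (this resolves the former "trigger only if needed" FIXME).
  services.postgresql.initialScript = lib.mkIf cfg.enable (pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
      LC_COLLATE = "C"
      LC_CTYPE = "C";
  '');

  # The two previous `services.matrix-synapse` blocks are merged into one:
  # Nix rejects defining the same attribute path twice within a single
  # attribute set ("attribute already defined").
  services.matrix-synapse = {
    server_name = "synapse.${fqdn}";
    # Closed registration: accounts are created out of band by the operator.
    enable_registration = false;
    # FIXME(Krey): Integrate a trigger
    # NOTE(review): these point at the certificate nginx obtains via ACME for
    # the host FQDN; synapse runs under its own user, so confirm it can read
    # key.pem -- or drop them, since TLS is terminated by nginx below.
    tls_certificate_path = "/var/lib/acme/${fqdn}/cert.pem";
    tls_private_key_path = "/var/lib/acme/${fqdn}/key.pem";
  };

  services.nginx = {
    # NOTE(Krey): Using nginx to provide TLS for synapse
    enable = cfg.enable;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    # Hardened TLS protocol/cipher defaults for the public-facing listener.
    recommendedTlsSettings = true;
    virtualHosts."${fqdn}" = {
      addSSL = true;
      enableACME = true;
      root = "/var/www/${fqdn}";
      # FIXME(review): no location proxies /_matrix to the synapse listener yet,
      # so this vhost only serves the static root; synapse is not reachable
      # through nginx until such a location is added.
    };
  };

  # Secondary (non-master) copy of the synapse zone, transferred from the
  # primary at 192.168.0.1.
  services.bind.zones."synapse.${fqdn}" = {
    extraConfig = "";
    file = "/var/dns/synapse.${fqdn}";
    master = false;
    masters = [ "192.168.0.1" ];
    slaves = [ ];
  };

  #security.acme.certs = if(config.services.matrix-synapse.enable == true)
  # then {
  # "synapse.${config.networking.fqdn}" = {
  # webroot = "/var/lib/acme/acme-challenge/";
  # email = "kreyren+synapse@rixotstudio.cz";
  # };
  # }
  # else "";
  # security.acme.certs = {
  # "synapse.${config.networking.fqdn}" = {
  # webroot = "/var/lib/acme/acme-challenge/";
  # email = "kreyren+synapse@rixotstudio.cz";
  # };
  # };
}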