mirror of
https://git.oat.zone/dark-firepit/dotfiles
synced 2024-11-26 06:08:48 +01:00
dendrite & nextcloud stuff, jillo.oat.zone
This commit is contained in:
parent
c2837a6ac0
commit
749bbcd236
@ -174,6 +174,11 @@ in {
|
||||
dataDir = "/var/lib/terraria";
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
domain = "nextcloud.dark-firepit.cloud";
|
||||
};
|
||||
|
||||
jmusicbot = let
|
||||
baseOptions = {
|
||||
owner = 276416332894044160;
|
||||
|
@ -151,6 +151,14 @@ in {
|
||||
proxyPass = "http://127.0.0.1:3436/";
|
||||
};
|
||||
};
|
||||
# todo: move to flake
|
||||
"jillo.oat.zone" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:15385/";
|
||||
};
|
||||
};
|
||||
"drawdog.oat.zone" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
@ -2,101 +2,107 @@
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.services.dendrite;
|
||||
fullDomain = "matrix." + cfg.hostDomain;
|
||||
cfg = config.modules.services.dendrite;
|
||||
fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
|
||||
maxUploadMegabytes = 600;
|
||||
in {
|
||||
options.modules.services.dendrite = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
options.modules.services.dendrite = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
|
||||
hostDomain = mkOption {
|
||||
type = types.str;
|
||||
default = null;
|
||||
};
|
||||
hostDomain = mkOption {
|
||||
type = types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8008;
|
||||
};
|
||||
};
|
||||
prefix = mkOption {
|
||||
type = types.str;
|
||||
default = "matrix";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = cfg.hostDomain != null;
|
||||
description = "@config.modules.services.dendrite.hostDomain@ must not equal null";
|
||||
}
|
||||
];
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8008;
|
||||
};
|
||||
};
|
||||
|
||||
services.dendrite = {
|
||||
enable = true;
|
||||
httpPort = cfg.port;
|
||||
# httpsPort = cfg.port;
|
||||
tlsCert = "/var/lib/dendrite_keys/server.cert";
|
||||
tlsKey = "/var/lib/dendrite_keys/server.key";
|
||||
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
|
||||
environmentFile = "/var/lib/dendrite_keys/registration_secret";
|
||||
settings = {
|
||||
global = {
|
||||
server_name = cfg.hostDomain;
|
||||
private_key = "/var/lib/dendrite_keys/private/private_key.pem";
|
||||
presence = {
|
||||
enable_inbound = true;
|
||||
enable_outbound = true;
|
||||
};
|
||||
};
|
||||
client_api = {
|
||||
registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
|
||||
};
|
||||
media_api = {
|
||||
max_file_size_bytes = maxUploadMegabytes;
|
||||
dynamic_thumbnails = true;
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = cfg.hostDomain != null;
|
||||
description = "@config.modules.services.dendrite.hostDomain@ must not equal null";
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
services.dendrite = {
|
||||
enable = true;
|
||||
httpPort = cfg.port;
|
||||
# httpsPort = cfg.port;
|
||||
tlsCert = "/var/lib/dendrite_keys/server.crt";
|
||||
tlsKey = "/var/lib/dendrite_keys/server.key";
|
||||
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
|
||||
environmentFile = "/var/lib/dendrite_keys/registration_secret";
|
||||
settings = {
|
||||
global = {
|
||||
server_name = cfg.hostDomain;
|
||||
private_key = "/var/lib/dendrite_keys/private/private_key.pem";
|
||||
presence = {
|
||||
enable_inbound = true;
|
||||
enable_outbound = true;
|
||||
};
|
||||
};
|
||||
client_api = {
|
||||
registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
|
||||
};
|
||||
media_api = {
|
||||
max_file_size_bytes = maxUploadMegabytes;
|
||||
dynamic_thumbnails = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${fullDomain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
|
||||
listen = [
|
||||
{ addr = "0.0.0.0";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
{ addr = "[::]";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
}
|
||||
];
|
||||
services.nginx.virtualHosts."${fullDomain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
#listen = [
|
||||
# { addr = "0.0.0.0";
|
||||
# port = 443;
|
||||
# ssl = true;
|
||||
# }
|
||||
# { addr = "[::]";
|
||||
# port = 443;
|
||||
# ssl = true;
|
||||
# }
|
||||
#];
|
||||
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-RealIP $remote_addr;
|
||||
proxy_read_timeout 600;
|
||||
client_max_body_size ${toString maxUploadMegabytes}M;
|
||||
'';
|
||||
};
|
||||
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
#locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";
|
||||
|
||||
services.nginx.virtualHosts."${cfg.hostDomain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-RealIP $remote_addr;
|
||||
proxy_read_timeout 600;
|
||||
client_max_body_size ${toString maxUploadMegabytes}M;
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/.well-known/matrix/server".return = "200 '{ \"m.server\": \"${fullDomain}:443\"}'";
|
||||
services.nginx.virtualHosts."${cfg.hostDomain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
|
||||
locations."/.well-known/matrix/client".extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }';
|
||||
'';
|
||||
};
|
||||
locations."/.well-known/matrix/server".return = "200 '{ \"m.server\": \"${fullDomain}:443\"}'";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 80 443 ];
|
||||
};
|
||||
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
|
||||
locations."/.well-known/matrix/client".extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedUDPPorts = [ 80 443 ];
|
||||
};
|
||||
}
|
||||
|
@ -12,7 +12,7 @@ in {
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.nextcloud24;
|
||||
default = pkgs.nextcloud27;
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
@ -28,10 +28,16 @@ in {
|
||||
}
|
||||
];
|
||||
|
||||
# vomit inducing
|
||||
# nixpkgs.config.permittedInsecurePackages = [
|
||||
# "openssl-1.1.1w"
|
||||
# ];
|
||||
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = cfg.package;
|
||||
hostName = cfg.domain;
|
||||
enableBrokenCiphersForSSE = false;
|
||||
config = {
|
||||
dbtype = "pgsql";
|
||||
dbuser = "nextcloud";
|
||||
|
Loading…
Reference in New Issue
Block a user