wanderer/git.oat.zone--dark-firepit--dotfiles
1
0
Fork 0
mirror of https://git.oat.zone/dark-firepit/dotfiles synced 2024-11-26 06:08:48 +01:00
Code Issues Releases Activity
99d6d67129
git.oat.zone--dark-firepit-.../modules/services/dendrite.nix
Jill "oatmealine" Monoids 749bbcd236 dendrite & nextcloud stuff, jillo.oat.zone
2023-11-24 08:48:12 +01:00

109 lines
2.9 KiB
Nix
Raw Blame History

{ pkgs, config, lib, options, ... }:
with lib;
let
cfg = config.modules.services.dendrite;
fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
maxUploadMegabytes = 600;
in {
options.modules.services.dendrite = {
enable = mkOption {
type = types.bool;
default = false;
};
hostDomain = mkOption {
type = types.str;
default = null;
};
prefix = mkOption {
type = types.str;
default = "matrix";
};
port = mkOption {
type = types.port;
default = 8008;
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.hostDomain != null;
description = "@config.modules.services.dendrite.hostDomain@ must not equal null";
}
];
services.dendrite = {
enable = true;
httpPort = cfg.port;
# httpsPort = cfg.port;
tlsCert = "/var/lib/dendrite_keys/server.crt";
tlsKey = "/var/lib/dendrite_keys/server.key";
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
environmentFile = "/var/lib/dendrite_keys/registration_secret";
settings = {
global = {
server_name = cfg.hostDomain;
private_key = "/var/lib/dendrite_keys/private/private_key.pem";
presence = {
enable_inbound = true;
enable_outbound = true;
};
};
client_api = {
registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
};
media_api = {
max_file_size_bytes = maxUploadMegabytes;
dynamic_thumbnails = true;
};
};
};
services.nginx.virtualHosts."${fullDomain}" = {
forceSSL = true;
enableACME = true;
#listen = [
# { addr = "0.0.0.0";
# port = 443;
# ssl = true;
# }
# { addr = "[::]";
# port = 443;
# ssl = true;
# }
#];
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
#locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-RealIP $remote_addr;
proxy_read_timeout 600;
client_max_body_size ${toString maxUploadMegabytes}M;
'';
};
services.nginx.virtualHosts."${cfg.hostDomain}" = {
forceSSL = true;
enableACME = true;
locations."/.well-known/matrix/server".return = "200 '{ \"m.server\": \"${fullDomain}:443\"}'";
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
locations."/.well-known/matrix/client".extraConfig = ''
add_header Access-Control-Allow-Origin '*';
return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
};
}
View Git Blame Copy Permalink