From 5165d0dfd4abe8a9ce8d70cfc80a5dd0abf85ed3 Mon Sep 17 00:00:00 2001
From: Mike Cugini
Date: Sun, 13 Nov 2022 15:08:29 -0500
Subject: [PATCH] update matrix and gitea
---
 nixos_configs/git.nix | 7 ++-
 nixos_configs/matrix.nix | 110 +++++++++++++++++++--------------------
 2 files changed, 61 insertions(+), 56 deletions(-)
diff --git a/nixos_configs/git.nix b/nixos_configs/git.nix
index 0990fb5..6ed4bc5 100644
--- a/nixos_configs/git.nix
+++ b/nixos_configs/git.nix
@@ -44,7 +44,12 @@ in
 disableRegistration = true;
- settings.server.LANDING_PAGE = "explore";
+ settings = {
+ server.LANDING_PAGE = "explore";
+ "repository.upload" = {
+ FILE_MAX_SIZE = 50;
+ };
+ };
 };
 services.nginx = {
diff --git a/nixos_configs/matrix.nix b/nixos_configs/matrix.nix
index 4cff2f7..5aabf92 100644
--- a/nixos_configs/matrix.nix
+++ b/nixos_configs/matrix.nix
@@ -18,6 +18,17 @@ let
 let
 join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
 in join config.networking.hostName config.networking.domain;
+ clientConfig = {
+ "m.homeserver".base_url = "https://${fqdn}";
+ "server_name" = "${config.networking.domain}";
+ "m.identity_server" = {};
+ };
+ serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
+ mkWellKnown = data: ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
 in {
 imports = [
 "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
@@ -52,7 +63,7 @@ in {
 services.postgresql = {
 enable = true;
- dataDir = "${storage-dir}/db-new";
+ dataDir = "${storage-dir}/db";
 initialScript = pkgs.writeText "synapse-init.sql" ''
 CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
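Review bot: In nixos_configs/git.nix, `FILE_MAX_SIZE = 50;` raises Gitea's web-upload limit, but the request still has to pass the nginx vhost that begins right after this hunk, and that vhost's body-size limit is not visible here. If it keeps the NixOS default for `services.nginx.clientMaxBodySize`, larger uploads would be rejected at the proxy before Gitea sees them, so the two limits should be set together with a comment such as `# MB; keep in sync with nginx clientMaxBodySize`. The `services.gitea` block starts and ends outside the hunk.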
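Review bot: In `mkWellKnown` (nixos_configs/matrix.nix, first hunk), `add_header Content-Type application/json;` does not replace the type nginx assigns to a `return` body, so the response can carry two Content-Type headers; `default_type application/json;` sets it once. The helper also interpolates `builtins.toJSON data` into a single-quoted nginx string, which is safe only while the values contain no `'` or `$`, so a comment like `# data must not contain ' or $ (nginx string/variable syntax)` would keep later callers from passing arbitrary text. The enclosing `let` block starts outside the hunk.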
@@ -77,28 +88,8 @@ in {
 "${config.networking.domain}" = {
 enableACME = true;
 forceSSL = true;
-
- locations."= /.well-known/matrix/server".extraConfig =
- let
- # use 443 instead of the default 8448 port to unite
- # the client-server and server-server port for simplicity
- server = { "m.server" = "${fqdn}:443"; };
- in ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON server}';
- '';
- locations."= /.well-known/matrix/client".extraConfig =
- let
- client = {
- "m.homeserver" = { "base_url" = "https://${fqdn}"; };
- "m.identity_server" = { "base_url" = "https://vector.im"; };
- };
- # ACAO required to allow element-web on any URL to request this json file
- in ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON client}';
- '';
+ locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
 locations."/".extraConfig = ''
 return 301 https://waffle.farm/register;
 '';
@@ -121,9 +112,11 @@ in {
 return 301 https://chat.waffle.farm;
 '';
- # forward all Matrix API calls to the synapse Matrix homeserver
 locations."/_matrix" = {
- proxyPass = "http://[::1]:8008"; # without a trailing /
+ proxyPass = "http://[::1]:8008";
+ };
+ locations."/_synapse/client" = {
+ proxyPass = "http://[::1]:8008";
 };
 };
@@ -135,10 +128,7 @@ in {
 ];
 root = pkgs.element-web.override {
 conf = {
- default_server_config."m.homeserver" = {
- "base_url" = "https://${fqdn}";
- "server_name" = "${config.networking.domain}";
- };
+ default_server_config = clientConfig;
 };
 };
 };
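Review bot: The server well-known document is now built from `serverConfig`, whose `m.server` is `${config.services.matrix-synapse.settings.server_name}:443`; since `server_name` is set to `config.networking.domain` later in this patch, federation is delegated to the bare domain rather than to `${fqdn}:443` as in the removed lines. In the lines visible here that vhost only serves the two well-known documents and redirects `/`, so unless it also proxies `/_matrix` outside this hunk, remote servers following the delegation would reach the 301 instead of Synapse. If the old target was intended, define `serverConfig."m.server" = "${fqdn}:443";` and keep the removed comment explaining why 443 is used instead of 8448.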
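Review bot: `default_server_config = clientConfig;` in the element-web override moves `server_name` out of the `m.homeserver` object: the removed lines set it under `default_server_config."m.homeserver"`, while `clientConfig` declares `"server_name"` as a top-level key. Element is documented to read the name from inside `m.homeserver`, so the setting is likely ignored now, and the same stray key is also published in `/.well-known/matrix/client`. Consider `"m.homeserver" = { base_url = "https://${fqdn}"; server_name = config.networking.domain; };` in `clientConfig`. The `conf` attribute set continues outside the hunk.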
@@ -146,32 +136,42 @@ in {
 };
 services.matrix-synapse = {
 enable = true;
- server_name = config.networking.domain;
- registration_shared_secret = secrets.matrix.registration_secret;
- extraConfig = ''
- allow_public_rooms_over_federation: true
- auto_join_rooms:
- - "#cryptic-chat:waffle.farm"
- app_service_config_files:
- - "${slack-reg-dest-yaml}"
- - "${discord-reg-dest-yaml}"
- '';
-
- listeners = [
- {
- port = 8008;
- bind_address = "::1";
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = false;
- }
- ];
- }
- ];
+ settings = {
+ server_name = config.networking.domain;
+ allow_public_rooms_over_federation = true;
+ auto_join_rooms = [
+ "#cryptic-chat:waffle.farm"
+ ];
+ app_service_config_files = [
+ "${slack-reg-dest-yaml}"
+ "${discord-reg-dest-yaml}"
+ ];
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = ["::1"];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" "federation" ];
+ compress = true;
+ }
+ ];
+ }
+ ];
+ };
+ extraConfigFiles = [ "${storage-dir}/matrix_cfg" ];
+ # registration_shared_secret = secrets.matrix.registration_secret;
+ # extraConfig = ''
+ # allow_public_rooms_over_federation: true
+ # auto_join_rooms:
+ # - "#cryptic-chat:waffle.farm"
+ # app_service_config_files:
+ # - "${slack-reg-dest-yaml}"
+ # - "${discord-reg-dest-yaml}"
+ # '';
 };
 security.acme.acceptTerms = true;
 security.acme.certs = {
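Review bot: `extraConfigFiles = [ "${storage-dir}/matrix_cfg" ];` makes Synapse depend on a file that this module neither creates nor constrains. Presumably it now carries `registration_shared_secret`, which would keep the secret out of the world-readable Nix store, but nothing here records what the file must contain or who may read it. Add a comment such as `# matrix_cfg: holds registration_shared_secret; must exist before first start, owner matrix-synapse, mode 0600`. The commented-out `registration_shared_secret`/`extraConfig` block below it repeats what `settings` now expresses and can be deleted rather than kept as dead configuration.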