update matrix and gitea

Mike Cugini 2022-11-13 15:08:29 -05:00
parent cf91e88f58
commit 5165d0dfd4
2 changed files with 61 additions and 56 deletions


@ -44,7 +44,12 @@ in
disableRegistration = true; disableRegistration = true;
settings.server.LANDING_PAGE = "explore"; settings = {
server.LANDING_PAGE = "explore";
"repository.upload" = {
FILE_MAX_SIZE = 50;
};
};
}; };
services.nginx = { services.nginx = {
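Review bot: The new `FILE_MAX_SIZE = 50;` under `"repository.upload"` only helps if the reverse proxy in front of Gitea accepts request bodies that large. The `services.nginx` block that follows is cut off at the end of this hunk, so its body limit is not visible. If the Gitea virtual host does not raise it, nginx answers larger uploads with a 413 before Gitea sees them; setting `services.nginx.clientMaxBodySize = "50m";` (or a per-vhost `client_max_body_size`) would keep the two limits in step. A short comment next to the setting, such as `# MB per uploaded file; keep in step with the nginx body limit`, would stop them drifting apart later.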


@ -18,6 +18,17 @@ let
let let
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain; in join config.networking.hostName config.networking.domain;
clientConfig = {
"m.homeserver".base_url = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
"m.identity_server" = {};
};
serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in { in {
imports = [ imports = [
"${toString modulesPath}/virtualisation/digital-ocean-image.nix" "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
@ -52,7 +63,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
dataDir = "${storage-dir}/db-new"; dataDir = "${storage-dir}/db";
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
@ -77,28 +88,8 @@ in {
"${config.networking.domain}" = { "${config.networking.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/server".extraConfig = locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."/".extraConfig = '' locations."/".extraConfig = ''
return 301 https://waffle.farm/register; return 301 https://waffle.farm/register;
''; '';
@ -121,9 +112,11 @@ in {
return 301 https://chat.waffle.farm; return 301 https://chat.waffle.farm;
''; '';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = { locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing / proxyPass = "http://[::1]:8008";
};
locations."/_synapse/client" = {
proxyPass = "http://[::1]:8008";
}; };
}; };
@ -135,10 +128,7 @@ in {
]; ];
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config."m.homeserver" = { default_server_config = clientConfig;
"base_url" = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
};
}; };
}; };
}; };
@ -146,33 +136,43 @@ in {
}; };
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
settings = {
server_name = config.networking.domain; server_name = config.networking.domain;
registration_shared_secret = secrets.matrix.registration_secret; allow_public_rooms_over_federation = true;
extraConfig = '' auto_join_rooms = [
allow_public_rooms_over_federation: true "#cryptic-chat:waffle.farm"
auto_join_rooms: ];
- "#cryptic-chat:waffle.farm" app_service_config_files = [
app_service_config_files: "${slack-reg-dest-yaml}"
- "${slack-reg-dest-yaml}" "${discord-reg-dest-yaml}"
- "${discord-reg-dest-yaml}" ];
'';
listeners = [ listeners = [
{ {
port = 8008; port = 8008;
bind_address = "::1"; bind_addresses = ["::1"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ resources = [
{ {
names = [ "client" "federation" ]; names = [ "client" "federation" ];
compress = false; compress = true;
} }
]; ];
} }
]; ];
}; };
extraConfigFiles = [ "${storage-dir}/matrix_cfg" ];
# registration_shared_secret = secrets.matrix.registration_secret;
# extraConfig = ''
# allow_public_rooms_over_federation: true
# auto_join_rooms:
# - "#cryptic-chat:waffle.farm"
# app_service_config_files:
# - "${slack-reg-dest-yaml}"
# - "${discord-reg-dest-yaml}"
# '';
};
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.certs = { security.acme.certs = {
"${fqdn}".email = "mike@betamike.com"; "${fqdn}".email = "mike@betamike.com";
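Review bot: The PostgreSQL role password still lands in the Nix store, because `initialScript = pkgs.writeText "synapse-init.sql"` interpolates `secrets.matrix.psql_password` into a store file, and store paths are readable by every local user. This commit already takes `registration_shared_secret` out of the evaluated config and loads `extraConfigFiles = [ "${storage-dir}/matrix_cfg" ]` instead, so the database credential could follow the same route. That means keeping Synapse's database settings (not visible in these hunks) in that runtime file and creating the role without a literal password in the script, for example with peer authentication over the local socket. The `extraConfigFiles` line should carry a comment stating what the file holds and how it is protected, e.g. `# holds registration_shared_secret; owned by matrix-synapse, mode 0400, kept out of the Nix store`. The commented-out `registration_shared_secret` / `extraConfig` block below it can then be deleted rather than left as dead text.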