update matrix and gitea

Mike Cugini 1 year ago
parent cf91e88f58
commit 5165d0dfd4
  1. 7
      nixos_configs/git.nix
  2. 110
      nixos_configs/matrix.nix

@ -44,7 +44,12 @@ in
disableRegistration = true; disableRegistration = true;
settings.server.LANDING_PAGE = "explore"; settings = {
server.LANDING_PAGE = "explore";
"repository.upload" = {
FILE_MAX_SIZE = 50;
};
};
}; };
services.nginx = { services.nginx = {
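Review bot: Uploads near the new `FILE_MAX_SIZE = 50;` limit in `"repository.upload"` will probably still be rejected by the nginx proxy in front of Gitea unless its request-body limit is raised to match. The `services.nginx` block starts on the last line of this hunk and its body is not visible, so this may already be handled. If it is not, I would add `clientMaxBodySize = "50m";` under `services.nginx`, or a `client_max_body_size` on the Gitea vhost only, so the larger limit does not apply to every site on the host.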

@ -18,6 +18,17 @@ let
let let
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}"; join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain; in join config.networking.hostName config.networking.domain;
clientConfig = {
"m.homeserver".base_url = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
"m.identity_server" = {};
};
serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in { in {
imports = [ imports = [
"${toString modulesPath}/virtualisation/digital-ocean-image.nix" "${toString modulesPath}/virtualisation/digital-ocean-image.nix"
@ -52,7 +63,7 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
dataDir = "${storage-dir}/db-new"; dataDir = "${storage-dir}/db";
initialScript = pkgs.writeText "synapse-init.sql" '' initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
@ -77,28 +88,8 @@ in {
"${config.networking.domain}" = { "${config.networking.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/server".extraConfig = locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."/".extraConfig = '' locations."/".extraConfig = ''
return 301 https://waffle.farm/register; return 301 https://waffle.farm/register;
''; '';
@ -121,9 +112,11 @@ in {
return 301 https://chat.waffle.farm; return 301 https://chat.waffle.farm;
''; '';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = { locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing / proxyPass = "http://[::1]:8008";
};
locations."/_synapse/client" = {
proxyPass = "http://[::1]:8008";
}; };
}; };
@ -135,10 +128,7 @@ in {
]; ];
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config."m.homeserver" = { default_server_config = clientConfig;
"base_url" = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
};
}; };
}; };
}; };
@ -146,32 +136,42 @@ in {
}; };
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
server_name = config.networking.domain; settings = {
registration_shared_secret = secrets.matrix.registration_secret; server_name = config.networking.domain;
extraConfig = '' allow_public_rooms_over_federation = true;
allow_public_rooms_over_federation: true auto_join_rooms = [
auto_join_rooms: "#cryptic-chat:waffle.farm"
- "#cryptic-chat:waffle.farm" ];
app_service_config_files: app_service_config_files = [
- "${slack-reg-dest-yaml}" "${slack-reg-dest-yaml}"
- "${discord-reg-dest-yaml}" "${discord-reg-dest-yaml}"
''; ];
listeners = [
listeners = [ {
{ port = 8008;
port = 8008; bind_addresses = ["::1"];
bind_address = "::1"; type = "http";
type = "http"; tls = false;
tls = false; x_forwarded = true;
x_forwarded = true; resources = [
resources = [ {
{ names = [ "client" "federation" ];
names = [ "client" "federation" ]; compress = true;
compress = false; }
} ];
]; }
} ];
]; };
extraConfigFiles = [ "${storage-dir}/matrix_cfg" ];
# registration_shared_secret = secrets.matrix.registration_secret;
# extraConfig = ''
# allow_public_rooms_over_federation: true
# auto_join_rooms:
# - "#cryptic-chat:waffle.farm"
# app_service_config_files:
# - "${slack-reg-dest-yaml}"
# - "${discord-reg-dest-yaml}"
# '';
}; };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.certs = { security.acme.certs = {
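Review bot: In the new `clientConfig`, `"server_name"` is a top-level key beside `"m.homeserver"`, whereas the removed element-web config had it inside `default_server_config."m.homeserver"`; with `default_server_config = clientConfig` Element likely no longer picks up the server name, and the stray key is also served from `/.well-known/matrix/client`. I would write `"m.homeserver" = { base_url = "https://${fqdn}"; server_name = config.networking.domain; };` and drop `"m.identity_server" = {};`, since an identity-server entry without a `base_url` can make client discovery fail rather than mean "no identity server". Separately, if `registration_shared_secret` now lives in `${storage-dir}/matrix_cfg` (inferred from the commented-out line and the new `extraConfigFiles`), that file should be readable only by the synapse service user, and the commented-out block at the end of `services.matrix-synapse` can be deleted rather than kept.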
