update matrix and gitea

Mike Cugini 2022-11-13 15:08:29 -05:00
parent cf91e88f58
commit 5165d0dfd4
2 changed files with 61 additions and 56 deletions


@ -44,7 +44,12 @@ in
disableRegistration = true;
settings.server.LANDING_PAGE = "explore";
settings = {
server.LANDING_PAGE = "explore";
"repository.upload" = {
FILE_MAX_SIZE = 50;
};
};
};
services.nginx = {
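Review bot: The new `"repository.upload".FILE_MAX_SIZE = 50` is a per-file cap that Gitea interprets in megabytes, but nothing in this hunk adjusts the reverse proxy, so nginx's own default `client_max_body_size` would presumably still reject uploads well below 50 MB at the proxy unless the `services.nginx` block that begins at the end of the hunk raises it to match. A comment on the new line makes the coupling explicit, e.g. `# per-file upload cap in MB; keep nginx client_max_body_size >= this`. Folding the removed `settings.server.LANDING_PAGE` line into the new `settings` attrset is fine; the enclosing option set starts before the hunk, and the hunk's context lines appear partly elided, so the surrounding configuration could not be checked.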


@ -18,6 +18,17 @@ let
let
join = hostName: domain: hostName + lib.optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
clientConfig = {
"m.homeserver".base_url = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
"m.identity_server" = {};
};
serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
imports = [
"${toString modulesPath}/virtualisation/digital-ocean-image.nix"
@ -52,7 +63,7 @@ in {
services.postgresql = {
enable = true;
dataDir = "${storage-dir}/db-new";
dataDir = "${storage-dir}/db";
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD '${secrets.matrix.psql_password}';
@ -77,28 +88,8 @@ in {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow element-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."/".extraConfig = ''
return 301 https://waffle.farm/register;
'';
@ -121,9 +112,11 @@ in {
return 301 https://chat.waffle.farm;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
proxyPass = "http://[::1]:8008";
};
locations."/_synapse/client" = {
proxyPass = "http://[::1]:8008";
};
};
@ -135,10 +128,7 @@ in {
];
root = pkgs.element-web.override {
conf = {
default_server_config."m.homeserver" = {
"base_url" = "https://${fqdn}";
"server_name" = "${config.networking.domain}";
};
default_server_config = clientConfig;
};
};
};
@ -146,33 +136,43 @@ in {
};
services.matrix-synapse = {
enable = true;
settings = {
server_name = config.networking.domain;
registration_shared_secret = secrets.matrix.registration_secret;
extraConfig = ''
allow_public_rooms_over_federation: true
auto_join_rooms:
- "#cryptic-chat:waffle.farm"
app_service_config_files:
- "${slack-reg-dest-yaml}"
- "${discord-reg-dest-yaml}"
'';
allow_public_rooms_over_federation = true;
auto_join_rooms = [
"#cryptic-chat:waffle.farm"
];
app_service_config_files = [
"${slack-reg-dest-yaml}"
"${discord-reg-dest-yaml}"
];
listeners = [
{
port = 8008;
bind_address = "::1";
bind_addresses = ["::1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
compress = true;
}
];
}
];
};
extraConfigFiles = [ "${storage-dir}/matrix_cfg" ];
# registration_shared_secret = secrets.matrix.registration_secret;
# extraConfig = ''
# allow_public_rooms_over_federation: true
# auto_join_rooms:
# - "#cryptic-chat:waffle.farm"
# app_service_config_files:
# - "${slack-reg-dest-yaml}"
# - "${discord-reg-dest-yaml}"
# '';
};
security.acme.acceptTerms = true;
security.acme.certs = {
"${fqdn}".email = "mike@betamike.com";
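Review bot: In the first hunk, `clientConfig` places `"server_name"` at the top level of the well-known document, whereas the element-web `default_server_config` it now replaces (the removed lines in the `pkgs.element-web.override` hunk) kept it inside `m.homeserver`, so `default_server_config = clientConfig` likely loses the server name element displays; restoring the old shape with `"m.homeserver" = { base_url = "https://${fqdn}"; server_name = config.networking.domain; };` serves both consumers, since well-known clients ignore the extra key. The empty `"m.identity_server" = {}` is also doubtful: the client well-known schema requires `base_url` whenever that key is present, so some clients may treat the response as invalid — omit the key if no identity server is intended. Separately, the `services.postgresql` hunk still interpolates `${secrets.matrix.psql_password}` into a `pkgs.writeText` derivation, which places the database password in the world-readable Nix store; this commit already moves `registration_shared_secret` out of the store into `${storage-dir}/matrix_cfg` via `extraConfigFiles`, and the database password deserves the same treatment. The commented-out former `extraConfig` block under `extraConfigFiles` can be deleted outright — git history keeps it, and a commented copy of `app_service_config_files` will drift from the live `settings`. The final hunk appears to close at the `security.acme.certs` context, but the file section may continue beyond what is visible here.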