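# NixOS module: Matrix homeserver (tuwunel) behind an nginx reverse proxy.
#
# Enabled through `modules.system.services.matrix.enable`. When enabled it
#   - declares the agenix secret that holds the registration token,
#   - serves the two Matrix .well-known delegation documents on the apex domain,
#   - proxies `/_matrix` on the `matrix.` subdomain to tuwunel on loopback.
{
  config,
  lib,
  pkgs,
  self,
  ...
}:
let
  inherit (lib.modules) mkIf;
  inherit (lib.options) mkEnableOption;
  inherit (lib.lists) singleton;
  inherit (builtins) toJSON;

  cfg = config.modules.system.services.matrix;

  # Loopback port shared by tuwunel (listener) and nginx (proxy target).
  port = 4926;
  domain = "faukah.com";

  # Taken from Max Privatevoid.
  # Delegation document for other homeservers: federation traffic for
  # `domain` is directed to the matrix subdomain on 443.
  serverFederation = pkgs.writeText "server_federation.json" (toJSON {
    "m.server" = "matrix.${domain}:443";
  });

  # Discovery document for clients: the homeserver base URL.
  clientFederation = pkgs.writeText "client_federation.json" (toJSON {
    "m.homeserver".base_url = "https://matrix.${domain}";
  });
in
{
  options.modules.system.services.matrix.enable = mkEnableOption "matrix";

  config = mkIf cfg.enable {
    # NOTE(review): only `file` is set here. agenix decrypts secrets as
    # root-owned with mode 0400 unless owner/group/mode are given; confirm the
    # account tuwunel runs as can read this path, and set the owner here if not.
    age.secrets.registrationToken.file = "${self}/secrets/tuwunel_token_file.age";

    services = {
      nginx = {
        enable = true;

        virtualHosts.${domain} = {
          # forceSSL instead of addSSL: addSSL keeps serving the same locations
          # over plain HTTP, so the delegation documents could be fetched (and
          # altered in transit) without TLS. forceSSL redirects HTTP to HTTPS.
          forceSSL = true;
          enableACME = true;
          locations = {
            "= /.well-known/matrix/server".alias = serverFederation;
            "= /.well-known/matrix/client".alias = clientFederation;
          };
        };

        virtualHosts."matrix.${domain}" = {
          # forceSSL instead of addSSL: with addSSL, `/_matrix` is also proxied
          # on port 80, where access tokens and message traffic would travel in
          # cleartext for any client that uses an http:// URL.
          forceSSL = true;
          enableACME = true;
          locations."/_matrix".proxyPass = "http://localhost:${toString port}";
        };
      };

      matrix-tuwunel = {
        enable = true;
        package = pkgs.matrix-tuwunel;
        settings = {
          global = {
            port = singleton port;
            # Loopback only: the homeserver is reachable from outside solely
            # through the nginx virtual host above.
            address = [
              "127.0.0.1"
              "::1"
            ];
            server_name = domain;
            # Registration is enabled; the token file below is what is meant to
            # gate it, so the secret must be readable by the service (see the
            # note on the agenix secret).
            allow_registration = true;
            allow_federation = true;
            allow_encryption = true;
            new_user_displayname_suffix = "";
            registration_token_file = config.age.secrets.registrationToken.path;
          };
        };
      };
    };
  };
}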