robot, also continuwuity, also zram

2026-01-26 21:40:03 +01:00
parent 2386fea0eb
commit 8c0db96ca4
8 changed files with 220 additions and 154 deletions
--- a/modules/nixos/matrix-conduit.nix
+++ b/modules/nixos/matrix-conduit.nix
@@ -1,82 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  well_known_server = pkgs.writeText "well-known-matrix-server" ''
-    {
-      "m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}"
-    }
-  '';
-  well_known_client = pkgs.writeText "well-known-matrix-client" ''
-    {
-      "m.homeserver": {
-        "base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}"
-      }
-  '';
-in {
-  services.matrix-conduit = {
-    enable = true;
-    settings.global = {
-      server_name = "${config.networking.domain}";
-    };
-  };
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "matrix.${config.services.matrix-conduit.settings.global.server_name}" = {
-        forceSSL = true;
-        enableACME = true;
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "0.0.0.0";
-            port = 8448;
-            ssl = true;
-          }
-        ];
-        locations."/_matrix/" = {
-          proxyPass = "http://backend_conduit$request_uri";
-          proxyWebsockets = true;
-          extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_buffering off;
-          '';
-        };
-        extraConfig = ''
-          merge_slashes off;
-        '';
-      };
-      "${config.services.matrix-conduit.settings.global.server_name}" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/.well-known/matrix/server/" = {
-          alias = "${well_known_server}";
-          extraConfig = ''
-            default_type application/json;
-          '';
-        };
-        locations."/.well-known/matrix/client/" = {
-          alias = "${well_known_client}";
-          extraConfig = ''
-            default_type application/json;
-            add_header Access-Control-Allow-Origin "";
-          '';
-        };
-      };
-    };
-    upstreams = {
-      backend-conduit = {
-        servers = {
-          "localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {};
-        };
-      };
-    };
-  };
-  networking.firewall.allowedTCPPorts = [8448];
-  networking.firewall.allowedUDPPorts = [8448];
-}
--- a/modules/nixos/matrix-continuwuity.nix
+++ b/modules/nixos/matrix-continuwuity.nix
@@ -0,0 +1,26 @@
+{config, ...}: {
+  services = {
+    matrix-continuwuity = {
+      enable = true;
+      settings = {
+        global = {
+          server_name = "${config.networking.domain}";
+          address = ["127.0.0.1"];
+          port = [6167];
+          well_known = {
+            server = "matrix.${config.networking.domain}";
+            client = "https://matrix.${config.networking.domain}";
+          };
+        };
+      };
+    };
+
+    nginx = {
+      upstreams.matrix.servers."127.0.0.1:6167" = {};
+      virtualHosts = {
+        "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix";
+        "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix";
+      };
+    };
+  };
+}
--- a/modules/nixos/matrix-synapse.nix
+++ b/modules/nixos/matrix-synapse.nix
@@ -1,65 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: let
-  fqdn = "${config.networking.hostName}.${config.networking.domain}";
-  baseUrl = "https://${fqdn}";
-  clientConfig."m.homeserver".base_url = baseUrl;
-  serverConfig."m.server" = "${fqdn}:443";
-  mkWellKnown = data: ''
-    default_type application/json;
-    add_header Access-Control-Allow-Origin *;
-    return 200 '${builtins.toJSON data}';
-  '';
-in {
-  services.postgresql.enable = true;
-  services.nginx = {
-    enable = true;
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
-    virtualHosts = {
-      "${config.networking.domain}" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
-      };
-      "${fqdn}" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/".extraConfig = ''
-          return 404;
-        '';
-        locations."/_matrix".proxyPass = "http://[::1]:8008";
-        locations."/_synapse/client".proxyPass = "http://[::1]:8008";
-      };
-    };
-  };
-  services.matrix-synapse = {
-    enable = true;
-    settings.server_name = config.networking.domain;
-    settings.public_baseurl = baseUrl;
-    settings.listeners = [
-      {
-        port = 8008;
-        bind_addresses = ["::1"];
-        type = "http";
-        tls = false;
-        x_forwarded = true;
-        resources = [
-          {
-            names = [
-              "client"
-              "federation"
-            ];
-            compress = true;
-          }
-        ];
-      }
-    ];
-  };
-}
--- a/modules/nixos/zram.nix
+++ b/modules/nixos/zram.nix
@@ -0,0 +1,8 @@
+{
+  zramSwap = {
+    enable = true;
+    priority = 100;
+    algorithm = "zstd";
+    memoryPercent = 75;
+  };
+}