Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

conduit setup?

Browse Source
This commit is contained in:
andromeda
2026-01-13 06:16:27 +01:00
parent dcb82ed361
commit c377598d5c
2 changed files with 79 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
machines.nix
View File

@@ -69,6 +69,10 @@
# webmail.domain # webmail.domain
./modules/nixos/roundcube.nix ./modules/nixos/roundcube.nix
# matrix homeserver
# matrix.domain
./modules/nixos/matrix-conduit.nix
# BROKEN # BROKEN
# forgejo # forgejo
# git.domain # git.domain

81
modules/nixos/matrix-conduit.nix
View File

@@ -1,13 +1,82 @@
{config, ...}: { {
config,
pkgs,
...
}: let
well_known_server = pkgs.writeText "well-known-matrix-server" ''
{
"m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}"
}
'';
well_known_client = pkgs.writeText "well-known-matrix-client" ''
{
"m.homeserver": {
"base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}"
}
'';
in {
services.matrix-conduit = { services.matrix-conduit = {
enable = true; enable = true;
settings.global = { settings.global = {
server_name = "${config.networking.domain}"; server_name = "${config.networking.domain}";
address = "localhost";
database_backend = "rocksdb";
allow_registration = true;
allow_federation = true;
}; };
secretFile = config.age.secrets.conduit-secretFile.path;
}; };
services.nginx = {
enable = true;
virtualHosts = {
"matrix.${config.services.matrix-conduit.settings.global.server_name}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
locations."/_matrix/" = {
proxyPass = "http://backend_conduit$request_uri";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
extraConfig = ''
merge_slashes off;
'';
};
"${config.services.matrix-conduit.settings.global.server_name}" = {
forceSSL = true;
enableACME = true;
locations."/.well-known/matrix/server" = {
alias = "${well_known_server}";
extraConfig = ''
default_type application/json;
'';
};
locations."/.well-known/matrix/client" = {
alias = "${well_known_client}";
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "";
'';
};
};
};
upstreams = {
backend-conduit = {
servers = {
"localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {};
};
};
};
};
networking.firewall.allowedTCPPorts = [8448];
networking.firewall.allowedUDPPorts = [8448];
} }