Camelot: Add Matrix server

2024-07-15 17:23:09 +02:00 · 2024-07-15 17:23:09 +02:00 · adb0f2bff9
parent 20e36c5bd8
commit adb0f2bff9
2 changed files with 66 additions and 0 deletions
--- a/configurations/camelot/default.nix
+++ b/configurations/camelot/default.nix
@ -43,6 +43,7 @@
    ./wireguard.nix
    ./nextcloud.nix
    ./gotosocial.nix
+    ./matrix.nix
  ];

  swapDeviceUUID = "a7c628ab-c5cb-4094-89d0-19b153fbead4";
--- a/configurations/camelot/matrix.nix
+++ b/configurations/camelot/matrix.nix
@ -0,0 +1,65 @@
+{ config, ... }:
+let
+  conduitConfig = config.services.matrix-conduit.settings;
+in {
+  services.matrix-conduit = {
+    enable = true;
+
+    settings = {
+      global = {
+        server_name = "dalaran.fr";
+        address = "127.0.0.1";
+        database_backend = "rocksdb";
+
+        enable_lightning_bolt = false;
+        allow_registration = false;
+        well_known = {
+          client = "https://matrix.dalaran.fr";
+          server = "matrix.dalaran.fr:443";
+        };
+      };
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "dalaran.fr".locations."/.well-known/matrix/" = {
+      return = "301 https://matrix.dalaran.fr$request_uri";
+    };
+
+    "matrix.dalaran.fr" = {
+      enableACME = true;
+      addSSL = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 8448;
+          ssl = true;
+        }
+        {
+          addr= "[::]";
+          port = 8448;
+          ssl = true;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr= "[::]";
+          port = 443;
+          ssl = true;
+        }
+      ];
+      
+      locations."/" = {
+        recommendedProxySettings = true;
+        proxyPass = "http://${conduitConfig.global.address}:${builtins.toString conduitConfig.global.port}";
+      };
+
+      extraConfig = "client_max_body_size 20M;";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 443 8448 ];
+}