diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix index aa77cfc..170a2ce 100644 --- a/nixos/hosts/nginx/configuration.nix +++ b/nixos/hosts/nginx/configuration.nix @@ -10,8 +10,11 @@ let }; k8s_proxy = proxy "http://10.42.42.150:8000/"; clientConfig = { - "m.homeserver".base_url = "https://chat.meowy.tech"; - "m.identity_server" = {}; + "m.homeserver" = { + base_url = "https://chat.meowy.tech"; + server_name = "meowy.tech"; + }; + "m.identity_server" = { }; }; serverConfig."m.server" = "chat.meowy.tech:443"; mkWellKnown = data: '' @@ -57,6 +60,10 @@ in virtualHosts."meowy.tech" = { enableACME = true; forceSSL = true; + locations."/".extraConfig = '' + add_header Content-Type 'text/html; charset=UTF-8'; + return 200 meow; + ''; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; }; @@ -64,11 +71,28 @@ in enableACME = true; forceSSL = true; locations."/".extraConfig = '' - return 404; + return 307 https://element.chat.meowy.tech; ''; locations."/_matrix".proxyPass = "http://synapse.olympus:8008"; locations."/_synapse/client".proxyPass = "http://synapse.olympus:8008"; }; + virtualHosts."element.chat.meowy.tech" = { + enableACME = true; + forceSSL = true; + + root = pkgs.element-web.override { + conf = { + default_server_config = clientConfig; + show_labs_settings = true; + brand = "chat.meowy.tech"; + }; + }; + }; + virtualHosts."admin.chat.meowy.tech" = { + enableACME = true; + forceSSL = true; + root = pkgs.synapse-admin; + }; # Kubernetes endpoints virtualHosts."0x76.dev" = k8s_proxy; diff --git a/nixos/hosts/synapse/configuration.nix b/nixos/hosts/synapse/configuration.nix index 2d909a2..677003f 100644 --- a/nixos/hosts/synapse/configuration.nix +++ b/nixos/hosts/synapse/configuration.nix 
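Review bot: In the new `locations."/"` block of the `meowy.tech` vhost, `add_header Content-Type 'text/html; charset=UTF-8';` appends a header instead of setting the response type. nginx takes the type of a `return` body from `default_type`, so the response can end up carrying two Content-Type headers. Use `default_type text/html;` plus `charset utf-8;` in that block instead. Also, once a location declares its own `add_header`, nginx stops inheriting `add_header` directives from the server and http levels, so any HSTS or similar headers set higher up (not visible in this hunk) would be missing on `/`.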
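Review bot: The new `admin.chat.meowy.tech` vhost serves synapse-admin to anyone who can reach this proxy, with no `allow`/`deny` rule or authentication in front of it. As far as this hunk shows, `chat.meowy.tech` proxies only `/_matrix` and `/_synapse/client`, so the admin API itself is not published here; any `/_synapse/admin` location added later should carry the same restriction. Consider limiting the vhost to the management network, for example `extraConfig = "allow <ADMIN_CIDR>; deny all;";` with the CIDR as a placeholder to fill in. Both new static vhosts also lack the framing and sniffing headers that Element's deployment notes recommend, such as `add_header X-Frame-Options SAMEORIGIN;` and `add_header X-Content-Type-Options nosniff;`.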
@@ -29,7 +29,7 @@ in user = "matrix-synapse"; group = "matrix-synapse"; services = [ "matrix-synapse" ]; - }; + }; services.postgresql = { enable = true; @@ -42,36 +42,44 @@ in ''; }; - services.matrix-synapse = { - enable = true; - withJemalloc = true; + services.matrix-synapse = + let + extraConfig = builtins.toFile "extraConfig.yaml" '' + registration_requires_token: true + ''; + in + { + enable = true; + withJemalloc = true; - extraConfigFiles = [ - "${vs.synapse}/macaroon_secret_key" - "${vs.synapse}/registration_shared_secret" - "${vs.synapse}/form_secret" - "${vs.synapse}/turn_shared_secret" - ]; + extraConfigFiles = [ + "${vs.synapse}/macaroon_secret_key" + "${vs.synapse}/registration_shared_secret" + "${vs.synapse}/form_secret" + "${vs.synapse}/turn_shared_secret" + extraConfig + ]; - settings = - { - server_name = "meowy.tech"; - public_baseurl = "https://chat.meowy.tech"; - listeners = [ - { - inherit port; - bind_addresses = [ "0.0.0.0" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" "federation" ]; - compress = true; - } - ]; - } - ]; - }; - }; + settings = + { + server_name = "meowy.tech"; + enable_registration = true; + public_baseurl = "https://chat.meowy.tech"; + listeners = [ + { + inherit port; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + }; }
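Review bot: `registration_requires_token: true` is the only thing between the new `enable_registration = true` and open sign-up, yet it lives in a separate `builtins.toFile` YAML appended to `extraConfigFiles`, a list that otherwise holds only secret files. It is not a secret, so it can sit next to the switch it guards as `registration_requires_token = true;` inside `settings`, and the `let extraConfig` binding can go; this assumes `settings` is rendered verbatim into the Synapse YAML. Separately, the listener still has `bind_addresses = [ "0.0.0.0" ]` with `x_forwarded = true`. Now that registration is reachable, confirm the port is firewalled to the nginx host, because a client connecting directly could supply its own `X-Forwarded-For` and sidestep per-IP rate limits. No firewall rules are visible in this diff.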