v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Actions Packages Projects Releases Activity

finish up synapse
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Vivian 2022-07-28 17:01:28 +02:00
parent 6e3b07a67f
commit 2d85d61793
2 changed files with 66 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
nixos/hosts/nginx/configuration.nix
View file

@ -10,8 +10,11 @@ let
}; };
k8s_proxy = proxy "http://10.42.42.150:8000/"; k8s_proxy = proxy "http://10.42.42.150:8000/";
clientConfig = { clientConfig = {
"m.homeserver".base_url = "https://chat.meowy.tech"; "m.homeserver" = {
"m.identity_server" = {}; base_url = "https://chat.meowy.tech";
server_name = "meowy.tech";
};
"m.identity_server" = { };
}; };
serverConfig."m.server" = "chat.meowy.tech:443"; serverConfig."m.server" = "chat.meowy.tech:443";
mkWellKnown = data: '' mkWellKnown = data: ''
@ -57,6 +60,10 @@ in
virtualHosts."meowy.tech" = { virtualHosts."meowy.tech" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".extraConfig = ''
add_header Content-Type 'text/html; charset=UTF-8';
return 200 meow;
'';
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
}; };
@ -64,11 +71,28 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".extraConfig = '' locations."/".extraConfig = ''
return 404; return 307 https://element.chat.meowy.tech;
''; '';
locations."/_matrix".proxyPass = "http://synapse.olympus:8008"; locations."/_matrix".proxyPass = "http://synapse.olympus:8008";
locations."/_synapse/client".proxyPass = "http://synapse.olympus:8008"; locations."/_synapse/client".proxyPass = "http://synapse.olympus:8008";
}; };
virtualHosts."element.chat.meowy.tech" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override {
conf = {
default_server_config = clientConfig;
show_labs_settings = true;
brand = "chat.meowy.tech";
};
};
};
virtualHosts."admin.chat.meowy.tech" = {
enableACME = true;
forceSSL = true;
root = pkgs.synapse-admin;
};
# Kubernetes endpoints # Kubernetes endpoints
virtualHosts."0x76.dev" = k8s_proxy; virtualHosts."0x76.dev" = k8s_proxy;

70
nixos/hosts/synapse/configuration.nix
View file

@ -29,7 +29,7 @@ in
user = "matrix-synapse"; user = "matrix-synapse";
group = "matrix-synapse"; group = "matrix-synapse";
services = [ "matrix-synapse" ]; services = [ "matrix-synapse" ];
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@ -42,36 +42,44 @@ in
''; '';
}; };
services.matrix-synapse = { services.matrix-synapse =
enable = true; let
withJemalloc = true; extraConfig = builtins.toFile "extraConfig.yaml" ''
registration_requires_token: true
'';
in
{
enable = true;
withJemalloc = true;
extraConfigFiles = [ extraConfigFiles = [
"${vs.synapse}/macaroon_secret_key" "${vs.synapse}/macaroon_secret_key"
"${vs.synapse}/registration_shared_secret" "${vs.synapse}/registration_shared_secret"
"${vs.synapse}/form_secret" "${vs.synapse}/form_secret"
"${vs.synapse}/turn_shared_secret" "${vs.synapse}/turn_shared_secret"
]; extraConfig
];
settings = settings =
{ {
server_name = "meowy.tech"; server_name = "meowy.tech";
public_baseurl = "https://chat.meowy.tech"; enable_registration = true;
listeners = [ public_baseurl = "https://chat.meowy.tech";
{ listeners = [
inherit port; {
bind_addresses = [ "0.0.0.0" ]; inherit port;
type = "http"; bind_addresses = [ "0.0.0.0" ];
tls = false; type = "http";
x_forwarded = true; tls = false;
resources = [ x_forwarded = true;
{ resources = [
names = [ "client" "federation" ]; {
compress = true; names = [ "client" "federation" ];
} compress = true;
]; }
} ];
]; }
}; ];
}; };
};
} }