This commit is contained in:
parent
0bbea5954c
commit
6e3b07a67f
|
@ -132,6 +132,11 @@
|
|||
mac = "9E:8A:6C:39:27:DE";
|
||||
nix = false;
|
||||
}
|
||||
{
|
||||
hostname = "synapse";
|
||||
ip = "10.42.42.28";
|
||||
mac = "9E:86:D3:46:EE:AE";
|
||||
}
|
||||
{
|
||||
hostname = "nuc";
|
||||
ip = "10.42.42.42";
|
||||
|
|
|
@ -9,6 +9,16 @@ let
|
|||
};
|
||||
};
|
||||
k8s_proxy = proxy "http://10.42.42.150:8000/";
|
||||
clientConfig = {
|
||||
"m.homeserver".base_url = "https://chat.meowy.tech";
|
||||
"m.identity_server" = {};
|
||||
};
|
||||
serverConfig."m.server" = "chat.meowy.tech:443";
|
||||
mkWellKnown = data: ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON data}';
|
||||
'';
|
||||
in
|
||||
{
|
||||
networking.hostName = "nginx";
|
||||
|
@ -43,6 +53,23 @@ in
|
|||
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
||||
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
||||
|
||||
# Meow
|
||||
virtualHosts."meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
|
||||
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
|
||||
};
|
||||
virtualHosts."chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
locations."/_matrix".proxyPass = "http://synapse.olympus:8008";
|
||||
locations."/_synapse/client".proxyPass = "http://synapse.olympus:8008";
|
||||
};
|
||||
|
||||
# Kubernetes endpoints
|
||||
virtualHosts."0x76.dev" = k8s_proxy;
|
||||
virtualHosts."drone.0x76.dev" = k8s_proxy;
|
||||
|
|
|
@ -3,7 +3,10 @@
|
|||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
port = 8008;
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
|
@ -20,5 +23,55 @@
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ ];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
|
||||
vault-secrets.secrets.synapse = {
|
||||
user = "matrix-synapse";
|
||||
group = "matrix-synapse";
|
||||
services = [ "matrix-synapse" ];
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
||||
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||
TEMPLATE template0
|
||||
LC_COLLATE = "C"
|
||||
LC_CTYPE = "C";
|
||||
'';
|
||||
};
|
||||
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
withJemalloc = true;
|
||||
|
||||
extraConfigFiles = [
|
||||
"${vs.synapse}/macaroon_secret_key"
|
||||
"${vs.synapse}/registration_shared_secret"
|
||||
"${vs.synapse}/form_secret"
|
||||
"${vs.synapse}/turn_shared_secret"
|
||||
];
|
||||
|
||||
settings =
|
||||
{
|
||||
server_name = "meowy.tech";
|
||||
public_baseurl = "https://chat.meowy.tech";
|
||||
listeners = [
|
||||
{
|
||||
inherit port;
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{
|
||||
names = [ "client" "federation" ];
|
||||
compress = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue