commit message
parent
270e1a0be4
commit
77afca4525
57 changed files with 971 additions and 423 deletions
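--- a/modules/server/social/default.nix
+++ b/modules/server/social/default.nix
@@ -0,0 +1,13 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+{
+imports = [
+./gotosocial.nix
+./synapse.nix
+];
+}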
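--- a/modules/server/social/gotosocial.nix
+++ b/modules/server/social/gotosocial.nix
@@ -0,0 +1,64 @@
+{
+config,
+pkgs,
+inputs,
+lib,
+...
+}:
+{
+options = {
+server.social.gotosocial = {
+enable = lib.mkEnableOption "enable gotosocial";
+port = lib.mkOption {
+default = 8008;
+description = "gotosocial port";
+};
+public = lib.mkOption {
+default = true;
+description = "public gotosocial";
+};
+subdomain = lib.mkOption {
+default = "fedi";
+description = "gotosocial subdomain";
+};
+};
+};
+config = {
+services = {
+gotosocial = {
+enable = config.server.social.gotosocial.enable;
+settings = {
+application_name = "The Martyverse";
+host = "${config.server.social.gotosocial.subdomain}.${config.networking.domain}";
+bind-address = "127.0.0.1";
+port = config.server.social.gotosocial.port;
+protocol = "https";
+landing-page-user = "${config.user.userName}";
+db-address = "/home/${config.user.userName}/gotosocial/storage/sqlite.db";
+storage-local-base-path = "/home/${config.user.userName}/gotosocial/storage";
+db-type = "sqlite";
+accounts-allow-custom-css = true;
+accounts-registration-open = true;
+accounts-reason-required = true;
+accounts-registration-backlog-limit = 20;
+};
+};
+nginx = {
+virtualHosts = {
+"${config.server.social.gotosocial.subdomain}.${config.networking.domain}" =
+if config.server.social.gotosocial.public && config.server.social.gotosocial.enable then
+{
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.server.social.gotosocial.port}";
+proxyWebsockets = true;
+};
+}
+else
+{ };
+};
+};
+};
+};
+}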
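Review bot: The `port` default of `8008` is the same value `modules/server/social/synapse.nix` gives `server.synapse.port`, and both services bind `127.0.0.1`, so with both modules enabled at their defaults one of them cannot bind and the `fedi` virtual host's `proxyPass` may end up fronting whichever service did get the port. Give GoToSocial a distinct default, for example `default = 8080;`, or add an assertion that the two ports differ. Separately, `accounts-allow-custom-css = true` combined with `accounts-registration-open = true` lets any approved sign-up restyle a public profile page served from this domain; consider leaving custom CSS off unless it is wanted. The `if … then … else { }` on the virtual host still defines an empty entry under that name when the service is disabled, which `lib.mkIf` would avoid.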
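--- a/modules/server/social/synapse.nix
+++ b/modules/server/social/synapse.nix
@@ -0,0 +1,116 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+fqdn = "${config.server.synapse.subdomain}.${config.networking.domain}";
+baseUrl = "https://${fqdn}";
+clientConfig."m.homeserver".base_url = baseUrl;
+serverConfig."m.server" = "${fqdn}:443";
+mkWellKnown = data: ''
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+return 200 '${builtins.toJSON data}';
+'';
+in
+
+{
+options = {
+server.synapse = {
+enable = lib.mkEnableOption "enable synapse";
+subdomain = lib.mkOption {
+default = "yap";
+description = "synapse subdomain";
+};
+port = lib.mkOption {
+default = 8008;
+description = "synapse port";
+};
+};
+};
+config = {
+services =
+if config.server.synapse.enable then
+{
+postgresql.enable = true;
+matrix-synapse = {
+enable = true;
+configureRedisLocally = true;
+extras = [
+"cache-memory" # Provide statistics about caching memory consumption
+"jwt" # JSON Web Token authentication
+"oidc" # OpenID Connect authentication
+"postgres" # PostgreSQL database backend
+"redis" # Redis support for the replication stream between worker processes
+#"saml2" # SAML2 authentication
+"sentry" # Error tracking and performance metrics
+"systemd" # Provide the JournalHandler used in the default log_config
+"url-preview" # Support for oEmbed URL previews
+];
+settings = {
+url_preview_enabled = true;
+server_name = "${config.networking.domain}";
+public_baseurl = baseUrl;
+media_store_path = "/mnt/Data/Matrix/Media";
+max_upload_size = "10G";
+enable_registration = false;
+generic = {
+enabled = true;
+outbound = true;
+urlPrefix = "https://https://yap.marty.tf/webhooks/";
+allowJsTransformationFunctions = false;
+waitForComplete = false;
+enableHttpGet = false;
+};
+listeners = [
+{
+port = config.server.synapse.port;
+bind_addresses = [ "127.0.0.1" ];
+type = "http";
+tls = false;
+x_forwarded = true;
+resources = [
+{
+names = [
+"client"
+"federation"
+];
+compress = true;
+}
+];
+}
+];
+};
+};
+nginx = {
+virtualHosts = {
+"${config.networking.domain}" = {
+enableACME = true;
+forceSSL = true;
+locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+};
+"${config.server.synapse.subdomain}.${config.networking.domain}" = {
+enableACME = true;
+forceSSL = true;
+locations = {
+"~ ^(/_matrix|/_synapse/client|/)" = {
+proxyPass = "http://127.0.0.1:${toString config.server.synapse.port}";
+proxyWebsockets = true;
+extraConfig =
+"proxy_set_header X-Forwarded-For $remote_addr;"
++ "proxy_set_header X-Forwarded-Proto $scheme;"
++ "proxy_set_header Host $host:$server_port;";
+};
+};
+};
+};
+};
+}
+else
+{ };
+};
+}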
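Review bot: The location regex `~ ^(/_matrix|/_synapse/client|/)` ends in a bare `/` alternative that matches every request path, so the two narrower prefixes have no effect and everything the listener serves is published through the `yap` virtual host, which appears to include the `/_synapse/admin` API that Synapse serves under the `client` resource. If only the Matrix client and federation endpoints are meant to be reachable, use `"~ ^(/_matrix|/_synapse/client)"` and leave other paths to a default location. In the same file `urlPrefix = "https://https://yap.marty.tf/webhooks/";` has a doubled scheme and hard-codes the host; `"${baseUrl}/webhooks/"` would follow the `subdomain` option. The `generic` block also looks like bridge (hookshot-style) configuration rather than a homeserver setting, so confirm Synapse accepts it under `settings`.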