server and other shit
parent
270e1a0be4
commit
804371bf96
65 changed files with 1428 additions and 619 deletions
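--- a/modules/server/social/synapse.nix
+++ b/modules/server/social/synapse.nix
@@ -0,0 +1,117 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+fqdn = "${config.server.synapse.subdomain}.${config.networking.domain}";
+baseUrl = "https://${fqdn}";
+clientConfig."m.homeserver".base_url = baseUrl;
+serverConfig."m.server" = "${fqdn}:443";
+mkWellKnown = data: ''
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+return 200 '${builtins.toJSON data}';
+'';
+in
+
+{
+options = {
+server.synapse = {
+enable = lib.mkEnableOption "enable synapse";
+subdomain = lib.mkOption {
+default = "yap";
+description = "synapse subdomain";
+};
+port = lib.mkOption {
+default = 8008;
+description = "synapse port";
+};
+};
+};
+config = {
+services =
+if config.server.synapse.enable then
+{
+postgresql.enable = true;
+matrix-synapse = {
+enable = true;
+configureRedisLocally = true;
+extras = [
+"cache-memory" # Provide statistics about caching memory consumption
+"jwt" # JSON Web Token authentication
+"oidc" # OpenID Connect authentication
+"postgres" # PostgreSQL database backend
+"redis" # Redis support for the replication stream between worker processes
+#"saml2" # SAML2 authentication
+"sentry" # Error tracking and performance metrics
+"systemd" # Provide the JournalHandler used in the default log_config
+"url-preview" # Support for oEmbed URL previews
+];
+settings = {
+url_preview_enabled = true;
+server_name = "${config.networking.domain}";
+public_baseurl = baseUrl;
+media_store_path = "/mnt/Data/Matrix/Media";
+max_upload_size = "10G";
+enable_registration = false;
+registration_shared_secret = "";
+generic = {
+enabled = true;
+outbound = true;
+urlPrefix = "https://https://yap.marty.tf/webhooks/";
+allowJsTransformationFunctions = false;
+waitForComplete = false;
+enableHttpGet = false;
+};
+listeners = [
+{
+port = config.server.synapse.port;
+bind_addresses = [ "127.0.0.1" ];
+type = "http";
+tls = false;
+x_forwarded = true;
+resources = [
+{
+names = [
+"client"
+"federation"
+];
+compress = true;
+}
+];
+}
+];
+};
+};
+nginx = {
+virtualHosts = {
+"${config.networking.domain}" = {
+enableACME = true;
+forceSSL = true;
+locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+};
+"${config.server.synapse.subdomain}.${config.networking.domain}" = {
+enableACME = true;
+forceSSL = true;
+locations = {
+"~ ^(/_matrix|/_synapse/client|/)" = {
+proxyPass = "http://127.0.0.1:${toString config.server.synapse.port}";
+proxyWebsockets = true;
+extraConfig =
+"proxy_set_header X-Forwarded-For $remote_addr;"
++ "proxy_set_header X-Forwarded-Proto $scheme;"
++ "proxy_set_header Host $host:$server_port;";
+};
+};
+};
+};
+};
+}
+else
+{ };
+};
+}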
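Review bot: The location regex `~ ^(/_matrix|/_synapse/client|/)` on the subdomain vhost ends in a bare `/` alternative, so it matches every request path and nginx also forwards `/_synapse/admin` to the Synapse listener; if the admin API is not meant to be reachable from the internet, narrow it to `"~ ^(/_matrix|/_synapse/client)"`. `registration_shared_secret = "";` sits inline under `settings`, and any real value placed there would end up in the world-readable Nix store, so I would drop the line and load the secret from a file outside the store (`registration_shared_secret_path`, or the module's `extraConfigFiles`). The `generic = { … }` block looks like matrix-hookshot configuration rather than a Synapse setting, and its `urlPrefix` has a doubled scheme (`https://https://`) and a hard-coded host where `baseUrl` is already available. `max_upload_size = "10G"` has no matching `client_max_body_size` on the vhost, so nginx will presumably reject large uploads before Synapse sees them; a smaller limit that is mirrored on the proxy would also bound disk use on `media_store_path`.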