authorGregor Kleen <gkleen@yggdrasil.li>2022-02-24 22:20:21 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-24 22:20:21 +0100
commit1e901b985cecb3fb2c96df8b5b7be5e08a5d3723 (patch)
treef81940cd1a137aa4b0cb73308164398e06784c1c /hosts/surtr/matrix.nix
parentc2f78236e3dce44068e3973b891666962b3dc4bc (diff)
surtr: ...
Diffstat (limited to 'hosts/surtr/matrix.nix')
-rw-r--r--hosts/surtr/matrix.nix125
1 files changed, 0 insertions, 125 deletions
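diff --git a/hosts/surtr/matrix.nix b/hosts/surtr/matrix.nix
deleted file mode 100644
index b6e6d29d..00000000
--- a/hosts/surtr/matrix.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-{ config, pkgs, ... }:
-{
- config = {
- services.matrix-synapse = {
- enable = true;
- enable_metrics = true;
-
- enable_registration = false;
- allow_guest_access = false;
-
- server_name = "synapse.li";
-
- listeners = [
- { bind_address = "localhost";
- port = 8008;
- resources = [
- { names = [ "client" ];
- compress = true;
- }
- { names = [ "federation" ];
- compress = false;
- }
- ];
- tls = false;
- type = "http";
- x_forwarded = true;
- }
- ];
-
- tls_certificate_path = "/run/credentials/matrix-synapse/synapse.li.pem";
- tls_private_key_path = "/run/credentials/matrix-synapse/synapse.li.key.pem";
- tls_dh_params_path = config.security.dhparams.params.matrix-synapse.path;
- };
-
- systemd.services.matrix-synapse = {
- serviceConfig = {
- LoadCredential = [
- "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem"
- "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem"
- ];
- };
- };
-
- services.nginx = {
- recommendedProxySettings = true;
-
- upstreams."matrix-synapse" = {
- servers = {
- "127.0.0.1:8008" = {};
- };
- };
-
- virtualHosts."synapse.li" = {
- forceSSL = true;
- sslCertificate = "/run/credentials/nginx.service/synapse.li.pem";
- sslCertificateKey = "/run/credentials/nginx.service/synapse.li.key.pem";
- sslTrustedCertificate = "/run/credentials/nginx.service/synapse.li.chain.pem";
- listen = [
- { addr = "0.0.0.0"; port = 443; ssl = true; }
- { addr = "[::0]"; port = 443; ssl = true; }
- { addr = "0.0.0.0"; port = 8448; ssl = true; }
- { addr = "[::0]"; port = 8448; ssl = true; }
- ];
- locations = let
- synapse = {
- proxyPass = "http://matrix-synapse";
- extraConfig = ''
- add_header Strict-Transport-Security "max-age=63072000" always;
- '';
- };
- in {
- "/_matrix" = synapse;
- "/_synapse/client" = synapse;
- "/".return = "301 https://element.synapse.li$request_uri";
- };
- };
-
- virtualHosts."element.synapse.li" = {
- forceSSL = true;
- sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem";
- sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem";
- sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
-
- root = pkgs.element-web.override {
- conf = {
- default_server_config."m.homeserver" = {
- "base_url" = "https://synapse.li";
- "server_name" = "synapse.li";
- };
- };
- };
- };
- };
-
- security.acme.domains = {
- "element.synapse.li" = {
- zone = "synapse.li";
- certCfg = {
- postRun = ''
- ${pkgs.systemd}/bin/systemctl try-restart nginx.service
- '';
- };
- };
- "synapse.li".certCfg = {
- postRun = ''
- ${pkgs.systemd}/bin/systemctl try-restart nginx.service
- '';
- };
- };
-
- systemd.services.nginx = {
- serviceConfig = {
- LoadCredential = [
- "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem"
- "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem"
- "synapse.li.chain.pem:${config.security.acme.certs."synapse.li".directory}/chain.pem"
-
- "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"
- "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"
- "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"
- ];
- };
- };
- };
-}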