1 files changed, 28 insertions, 7 deletions
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 2ef78b3d..6a955b40 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -79,16 +79,34 @@
          { addr = "0.0.0.0"; port = 8448; ssl = true; }
          { addr = "[::0]"; port = 8448; ssl = true; }
        ];
-        locations = let
+        extraConfig = ''
-          synapse = {
+          add_header Strict-Transport-Security "max-age=63072000" always;
-            proxyPass = "http://matrix-synapse";
+          
+          add_header Access-Control-Allow-Origin '*';
+          add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+          add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization';
+          add_header Access-Control-Max-Age 7200;
+        '';
+        locations = {
+          "/_matrix".proxyPass = "http://matrix-synapse";
+          "/_synapse/client".proxyPass = "http://matrix-synapse";
+          "= /.well-known/matrix/server" = {
            extraConfig = ''
-              add_header Strict-Transport-Security "max-age=63072000" always;
+              add_header Content-Type application/json;
            '';
+            return = "200 '${builtins.toJSON {
+              "m.server" = "synapse.li:443"; 
+            }}'";
+          };
+          "= /.well-known/matrix/client" = {
+            extraConfig = ''
+              add_header Content-Type application/json;
+            '';
+            return = "200 '${builtins.toJSON {
+              "m.homeserver" = { "base_url" = "https://synapse.li"; };
+              "m.identity_server" = { "base_url" = "https://vector.im"; };
+            }}'";
          };
-        in {
-          "/_matrix" = synapse;
-          "/_synapse/client" = synapse;
          "/".return = "301 https://element.synapse.li$request_uri";
        };
      };
@@ -98,6 +116,9 @@
        sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem";
        sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem";
        sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
+        extraConfig = ''
+          add_header Strict-Transport-Security "max-age=63072000" always;
+        '';
        root = pkgs.element-web.override {
          conf = {

diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 2ef78b3d..6a955b40 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix
@@ -79,16 +79,34 @@
79	{ addr = "0.0.0.0"; port = 8448; ssl = true; }	79	{ addr = "0.0.0.0"; port = 8448; ssl = true; }
80	{ addr = "[::0]"; port = 8448; ssl = true; }	80	{ addr = "[::0]"; port = 8448; ssl = true; }
81	];	81	];
82	locations = let	82	extraConfig = ''
83	synapse = {	83	add_header Strict-Transport-Security "max-age=63072000" always;
84	proxyPass = "http://matrix-synapse";	84
		85	add_header Access-Control-Allow-Origin '*';
		86	add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
		87	add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization';
		88	add_header Access-Control-Max-Age 7200;
		89	'';
		90	locations = {
		91	"/_matrix".proxyPass = "http://matrix-synapse";
		92	"/_synapse/client".proxyPass = "http://matrix-synapse";
		93	"= /.well-known/matrix/server" = {
85	extraConfig = ''	94	extraConfig = ''
86	add_header Strict-Transport-Security "max-age=63072000" always;	95	add_header Content-Type application/json;
87	'';	96	'';
		97	return = "200 '${builtins.toJSON {
		98	"m.server" = "synapse.li:443";
		99	}}'";
		100	};
		101	"= /.well-known/matrix/client" = {
		102	extraConfig = ''
		103	add_header Content-Type application/json;
		104	'';
		105	return = "200 '${builtins.toJSON {
		106	"m.homeserver" = { "base_url" = "https://synapse.li"; };
		107	"m.identity_server" = { "base_url" = "https://vector.im"; };
		108	}}'";
88	};	109	};
89	in {
90	"/_matrix" = synapse;
91	"/_synapse/client" = synapse;
92	"/".return = "301 https://element.synapse.li$request_uri";	110	"/".return = "301 https://element.synapse.li$request_uri";
93	};	111	};
94	};	112	};
@@ -98,6 +116,9 @@
98	sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem";	116	sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem";
99	sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem";	117	sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem";
100	sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";	118	sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
		119	extraConfig = ''
		120	add_header Strict-Transport-Security "max-age=63072000" always;
		121	'';
101		122
102	root = pkgs.element-web.override {	123	root = pkgs.element-web.override {
103	conf = {	124	conf = {