diff options
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/surtr/default.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/dns/default.nix | 1 | ||||
-rw-r--r-- | hosts/surtr/dns/zones/li.synapse.soa | 5 | ||||
-rw-r--r-- | hosts/surtr/matrix.nix | 26 | ||||
-rw-r--r-- | hosts/surtr/postgres.nix | 20 | ||||
-rw-r--r-- | hosts/surtr/postgresql.nix | 15 |
6 files changed, 46 insertions, 23 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 7ab3199b..0e24bd54 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix | |||
@@ -2,7 +2,7 @@ | |||
2 | { | 2 | { |
3 | imports = with flake.nixosModules.systemProfiles; [ | 3 | imports = with flake.nixosModules.systemProfiles; [ |
4 | qemu-guest openssh rebuild-machines zfs | 4 | qemu-guest openssh rebuild-machines zfs |
5 | ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix.nix ./postgres.nix | 5 | ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix.nix ./postgresql.nix |
6 | ]; | 6 | ]; |
7 | 7 | ||
8 | config = { | 8 | config = { |
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index e9ae3183..13928ad2 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -170,6 +170,7 @@ in { | |||
170 | addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; | 170 | addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; |
171 | } | 171 | } |
172 | { domain = "synapse.li"; | 172 | { domain = "synapse.li"; |
173 | acmeDomains = ["element.synapse.li" "synapse.li"]; | ||
173 | } | 174 | } |
174 | { domain = "dirty-haskell.org"; | 175 | { domain = "dirty-haskell.org"; |
175 | addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; | 176 | addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; |
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa index 539f0297..fc171bc2 100644 --- a/hosts/surtr/dns/zones/li.synapse.soa +++ b/hosts/surtr/dns/zones/li.synapse.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN synapse.li | 1 | $ORIGIN synapse.li |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022401 ; serial | 4 | 2022022402 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -26,4 +26,7 @@ $TTL 3600 | |||
26 | * IN MX 0 ymir.yggdrasil.li | 26 | * IN MX 0 ymir.yggdrasil.li |
27 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 27 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
28 | 28 | ||
29 | element IN CNAME synapse.li. | ||
30 | _acme-challenge.element IN NS ns.yggdrasil.li. | ||
31 | |||
29 | _acme-challenge IN NS ns.yggdrasil.li. | 32 | _acme-challenge IN NS ns.yggdrasil.li. |
diff --git a/hosts/surtr/matrix.nix b/hosts/surtr/matrix.nix index 315490cb..e3373df6 100644 --- a/hosts/surtr/matrix.nix +++ b/hosts/surtr/matrix.nix | |||
@@ -68,7 +68,27 @@ | |||
68 | add_header Strict-Transport-Security "max-age=63072000" always; | 68 | add_header Strict-Transport-Security "max-age=63072000" always; |
69 | ''; | 69 | ''; |
70 | }; | 70 | }; |
71 | in { "/_matrix" = synapse; "/_synapse/client" = synapse; }; | 71 | in { |
72 | "/_matrix" = synapse; | ||
73 | "/_synapse/client" = synapse; | ||
74 | "/".return = "301 https://element.synapse.li$request_uri"; | ||
75 | }; | ||
76 | }; | ||
77 | |||
78 | virtualHosts."element.synapse.li" = { | ||
79 | forceSSL = true; | ||
80 | sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem"; | ||
81 | sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem"; | ||
82 | sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem"; | ||
83 | |||
84 | root = pkgs.element-web.override { | ||
85 | conf = { | ||
86 | default_server_config."m.homeserver" = { | ||
87 | "base_url" = "https://synapse.li"; | ||
88 | "server_name" = "synapse.li"; | ||
89 | }; | ||
90 | }; | ||
91 | }; | ||
72 | }; | 92 | }; |
73 | }; | 93 | }; |
74 | 94 | ||
@@ -78,6 +98,10 @@ | |||
78 | "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem" | 98 | "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem" |
79 | "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem" | 99 | "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem" |
80 | "synapse.li.chain.pem:${config.security.acme.certs."synapse.li".directory}/chain.pem" | 100 | "synapse.li.chain.pem:${config.security.acme.certs."synapse.li".directory}/chain.pem" |
101 | |||
102 | "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem" | ||
103 | "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem" | ||
104 | "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem" | ||
81 | ]; | 105 | ]; |
82 | }; | 106 | }; |
83 | }; | 107 | }; |
diff --git a/hosts/surtr/postgres.nix b/hosts/surtr/postgres.nix deleted file mode 100644 index e8ea73be..00000000 --- a/hosts/surtr/postgres.nix +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | { pkgs, ... }: | ||
2 | { | ||
3 | config = { | ||
4 | services.postgresql = { | ||
5 | enable = true; | ||
6 | package = pkgs.postgresql_14; | ||
7 | ensureDatabases = [ | ||
8 | "matrix-synapse" | ||
9 | ]; | ||
10 | ensureUsers = [ | ||
11 | { name = "matrix-synapse"; | ||
12 | ensurePermissions = { | ||
13 | "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; | ||
14 | "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; | ||
15 | }; | ||
16 | } | ||
17 | ]; | ||
18 | }; | ||
19 | }; | ||
20 | } | ||
diff --git a/hosts/surtr/postgresql.nix b/hosts/surtr/postgresql.nix new file mode 100644 index 00000000..f0cb155b --- /dev/null +++ b/hosts/surtr/postgresql.nix | |||
@@ -0,0 +1,15 @@ | |||
1 | { pkgs, ... }: | ||
2 | { | ||
3 | config = { | ||
4 | services.postgresql = { | ||
5 | enable = true; | ||
6 | package = pkgs.postgresql_14; | ||
7 | initalScript = pkgs.writeText "schema.sql" '' | ||
8 | CREATE DATABASE "matrix-synapse" WITH ENCODING "UTF8" LOCALE "C"; | ||
9 | CREATE USER "matrix-synapse"; | ||
10 | GRANT ALL PRIVILEGES ON DATABASE "matrix-synapse" TO "matrix-synapse"; | ||
11 | GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "matrix-synapse"; | ||
12 | ''; | ||
13 | }; | ||
14 | }; | ||
15 | } | ||