summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/surtr/default.nix2
-rw-r--r--hosts/surtr/dns/default.nix1
-rw-r--r--hosts/surtr/dns/zones/li.synapse.soa5
-rw-r--r--hosts/surtr/matrix.nix26
-rw-r--r--hosts/surtr/postgres.nix20
-rw-r--r--hosts/surtr/postgresql.nix15
6 files changed, 46 insertions, 23 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index 7ab3199b..0e24bd54 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -2,7 +2,7 @@
2{ 2{
3 imports = with flake.nixosModules.systemProfiles; [ 3 imports = with flake.nixosModules.systemProfiles; [
4 qemu-guest openssh rebuild-machines zfs 4 qemu-guest openssh rebuild-machines zfs
5 ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix.nix ./postgres.nix 5 ./zfs.nix ./dns ./tls ./http.nix ./bifrost ./matrix.nix ./postgresql.nix
6 ]; 6 ];
7 7
8 config = { 8 config = {
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index e9ae3183..13928ad2 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -170,6 +170,7 @@ in {
170 addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; 170 addACLs = { "xmpp.li" = ["ymir_acme_acl"]; };
171 } 171 }
172 { domain = "synapse.li"; 172 { domain = "synapse.li";
173 acmeDomains = ["element.synapse.li" "synapse.li"];
173 } 174 }
174 { domain = "dirty-haskell.org"; 175 { domain = "dirty-haskell.org";
175 addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; 176 addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; };
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa
index 539f0297..fc171bc2 100644
--- a/hosts/surtr/dns/zones/li.synapse.soa
+++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -1,7 +1,7 @@
1$ORIGIN synapse.li 1$ORIGIN synapse.li
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022022401 ; serial 4 2022022402 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -26,4 +26,7 @@ $TTL 3600
26* IN MX 0 ymir.yggdrasil.li 26* IN MX 0 ymir.yggdrasil.li
27* IN TXT "v=spf1 redirect=yggdrasil.li" 27* IN TXT "v=spf1 redirect=yggdrasil.li"
28 28
29element IN CNAME synapse.li.
30_acme-challenge.element IN NS ns.yggdrasil.li.
31
29_acme-challenge IN NS ns.yggdrasil.li. 32_acme-challenge IN NS ns.yggdrasil.li.
diff --git a/hosts/surtr/matrix.nix b/hosts/surtr/matrix.nix
index 315490cb..e3373df6 100644
--- a/hosts/surtr/matrix.nix
+++ b/hosts/surtr/matrix.nix
@@ -68,7 +68,27 @@
68 add_header Strict-Transport-Security "max-age=63072000" always; 68 add_header Strict-Transport-Security "max-age=63072000" always;
69 ''; 69 '';
70 }; 70 };
71 in { "/_matrix" = synapse; "/_synapse/client" = synapse; }; 71 in {
72 "/_matrix" = synapse;
73 "/_synapse/client" = synapse;
74 "/".return = "301 https://element.synapse.li$request_uri";
75 };
76 };
77
78 virtualHosts."element.synapse.li" = {
79 forceSSL = true;
80 sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem";
81 sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem";
82 sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
83
84 root = pkgs.element-web.override {
85 conf = {
86 default_server_config."m.homeserver" = {
87 "base_url" = "https://synapse.li";
88 "server_name" = "synapse.li";
89 };
90 };
91 };
72 }; 92 };
73 }; 93 };
74 94
@@ -78,6 +98,10 @@
78 "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem" 98 "synapse.li.key.pem:${config.security.acme.certs."synapse.li".directory}/key.pem"
79 "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem" 99 "synapse.li.pem:${config.security.acme.certs."synapse.li".directory}/fullchain.pem"
80 "synapse.li.chain.pem:${config.security.acme.certs."synapse.li".directory}/chain.pem" 100 "synapse.li.chain.pem:${config.security.acme.certs."synapse.li".directory}/chain.pem"
101
102 "element.synapse.li.key.pem:${config.security.acme.certs."element.synapse.li".directory}/key.pem"
103 "element.synapse.li.pem:${config.security.acme.certs."element.synapse.li".directory}/fullchain.pem"
104 "element.synapse.li.chain.pem:${config.security.acme.certs."element.synapse.li".directory}/chain.pem"
81 ]; 105 ];
82 }; 106 };
83 }; 107 };
diff --git a/hosts/surtr/postgres.nix b/hosts/surtr/postgres.nix
deleted file mode 100644
index e8ea73be..00000000
--- a/hosts/surtr/postgres.nix
+++ /dev/null
@@ -1,20 +0,0 @@
1{ pkgs, ... }:
2{
3 config = {
4 services.postgresql = {
5 enable = true;
6 package = pkgs.postgresql_14;
7 ensureDatabases = [
8 "matrix-synapse"
9 ];
10 ensureUsers = [
11 { name = "matrix-synapse";
12 ensurePermissions = {
13 "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
14 "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
15 };
16 }
17 ];
18 };
19 };
20}
diff --git a/hosts/surtr/postgresql.nix b/hosts/surtr/postgresql.nix
new file mode 100644
index 00000000..f0cb155b
--- /dev/null
+++ b/hosts/surtr/postgresql.nix
@@ -0,0 +1,15 @@
1{ pkgs, ... }:
2{
3 config = {
4 services.postgresql = {
5 enable = true;
6 package = pkgs.postgresql_14;
7 initalScript = pkgs.writeText "schema.sql" ''
8 CREATE DATABASE "matrix-synapse" WITH ENCODING "UTF8" LOCALE "C";
9 CREATE USER "matrix-synapse";
10 GRANT ALL PRIVILEGES ON DATABASE "matrix-synapse" TO "matrix-synapse";
11 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "matrix-synapse";
12 '';
13 };
14 };
15}