From 77c406a0b86c9742479901498e51a48452a0fe49 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 25 Feb 2022 13:04:25 +0100
Subject: surtr: matrix: .well-known

---
 hosts/surtr/matrix/default.nix | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 2ef78b3d..6a955b40 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -79,16 +79,34 @@
           { addr = "0.0.0.0"; port = 8448; ssl = true; }
           { addr = "[::0]"; port = 8448; ssl = true; }
         ];
-        locations = let
-          synapse = {
-            proxyPass = "http://matrix-synapse";
+        extraConfig = ''
+          add_header Strict-Transport-Security "max-age=63072000" always;
+          
+          add_header Access-Control-Allow-Origin '*';
+          add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
+          add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization';
+          add_header Access-Control-Max-Age 7200;
+        '';
+        locations = {
+          "/_matrix".proxyPass = "http://matrix-synapse";
+          "/_synapse/client".proxyPass = "http://matrix-synapse";
+          "= /.well-known/matrix/server" = {
             extraConfig = ''
-              add_header Strict-Transport-Security "max-age=63072000" always;
+              add_header Content-Type application/json;
             '';
+            return = "200 '${builtins.toJSON {
+              "m.server" = "synapse.li:443"; 
+            }}'";
+          };
+          "= /.well-known/matrix/client" = {
+            extraConfig = ''
+              add_header Content-Type application/json;
+            '';
+            return = "200 '${builtins.toJSON {
+              "m.homeserver" = { "base_url" = "https://synapse.li"; };
+              "m.identity_server" = { "base_url" = "https://vector.im"; };
+            }}'";
           };
-        in {
-          "/_matrix" = synapse;
-          "/_synapse/client" = synapse;
           "/".return = "301 https://element.synapse.li$request_uri";
         };
       };
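Review bot: The two `= /.well-known/matrix/...` locations each declare `add_header Content-Type application/json;`, and nginx inherits `add_header` from the server level only when a location declares none of its own, so these two responses lose the HSTS and CORS headers added in the new server-level `extraConfig`. The client discovery document is the one browsers fetch cross-origin, so it is the response that most needs `Access-Control-Allow-Origin`. Replacing that line with `default_type application/json;` in both location blocks sets the type of the `return` body without any `add_header`, which keeps the inherited headers and avoids emitting a second Content-Type. Separately, the server-level CORS headers now also apply to the proxied `/_matrix` and `/_synapse/client` responses; if the upstream already sends its own CORS headers (not visible here), the duplicated `Access-Control-Allow-Origin` can be rejected by browsers, so it is worth checking one proxied response.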
@@ -98,6 +116,9 @@
         sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem";
         sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem";
         sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
+        extraConfig = ''
+          add_header Strict-Transport-Security "max-age=63072000" always;
+        '';
 
         root = pkgs.element-web.override {
           conf = {
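Review bot: The `extraConfig` added to the Element vhost sets only HSTS, while a vhost serving a web client would normally also carry framing and content-sniffing protections. No other headers are visible in this hunk; if they are not set elsewhere, consider adding `add_header X-Frame-Options SAMEORIGIN always;`, `add_header X-Content-Type-Options nosniff always;` and `add_header Content-Security-Policy "frame-ancestors 'self'" always;` next to the HSTS line. The same inheritance rule applies here: any location in this vhost that declares its own `add_header` will drop these server-level headers, so a short comment saying so would help. The vhost block starts before and continues past this hunk.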
-- 
cgit v1.2.3