From 77c406a0b86c9742479901498e51a48452a0fe49 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 25 Feb 2022 13:04:25 +0100 Subject: surtr: matrix: .well-known --- hosts/surtr/matrix/default.nix | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) (limited to 'hosts/surtr/matrix') diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 2ef78b3d..6a955b40 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix @@ -79,16 +79,34 @@ { addr = "0.0.0.0"; port = 8448; ssl = true; } { addr = "[::0]"; port = 8448; ssl = true; } ]; - locations = let - synapse = { - proxyPass = "http://matrix-synapse"; + extraConfig = '' + add_header Strict-Transport-Security "max-age=63072000" always; + + add_header Access-Control-Allow-Origin '*'; + add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS'; + add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization'; + add_header Access-Control-Max-Age 7200; + ''; + locations = { + "/_matrix".proxyPass = "http://matrix-synapse"; + "/_synapse/client".proxyPass = "http://matrix-synapse"; + "= /.well-known/matrix/server" = { extraConfig = '' - add_header Strict-Transport-Security "max-age=63072000" always; + add_header Content-Type application/json; ''; + return = "200 '${builtins.toJSON { + "m.server" = "synapse.li:443"; + }}'"; + }; + "= /.well-known/matrix/client" = { + extraConfig = '' + add_header Content-Type application/json; + ''; + return = "200 '${builtins.toJSON { + "m.homeserver" = { "base_url" = "https://synapse.li"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }}'"; }; - in { - "/_matrix" = synapse; - "/_synapse/client" = synapse; "/".return = "301 https://element.synapse.li$request_uri"; }; }; @@ -98,6 +116,9 @@ sslCertificate = "/run/credentials/nginx.service/element.synapse.li.pem"; sslCertificateKey = "/run/credentials/nginx.service/element.synapse.li.key.pem"; sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem"; + extraConfig = '' + add_header Strict-Transport-Security "max-age=63072000" always; + ''; root = pkgs.element-web.override { conf = { -- cgit v1.2.3