authorsils <sils@sils.li>2023-06-06 10:23:07 +0200
committersils <sils@sils.li>2023-06-06 10:23:07 +0200
commit9465eb624aab87adc9a5bf3b3d3ba96c8eb3e2a2 (patch)
tree6301db25e4dc7bbf12e39dadae817376d0640f9c
parentFeat(system/matrix/conduit): Add matrix-conduit (diff)
downloadnixos-server-9465eb624aab87adc9a5bf3b3d3ba96c8eb3e2a2.tar.gz
nixos-server-9465eb624aab87adc9a5bf3b3d3ba96c8eb3e2a2.zip
Revert: Remove Conduit
It didn't deploy either and we'd probably use synapse anyway

This reverts commit fbba7df4b7c9de5b1926612647e1d9d06b7d22cf.
-rw-r--r--system/file_system_layouts/default.nix4
-rw-r--r--system/services/default.nix5
-rw-r--r--system/services/matrix/conduit/default.nix125
-rw-r--r--system/services/matrix/default.nix5
4 files changed, 2 insertions, 137 deletions
diff --git a/system/file_system_layouts/default.nix b/system/file_system_layouts/default.nix
index ed18892..31b0b0b 100644
--- a/system/file_system_layouts/default.nix
+++ b/system/file_system_layouts/default.nix
@@ -44,10 +44,6 @@ in {
         device = "/srv/acme";
         options = ["bind"];
       };
-      "/var/lib/matrix-conduit" = {
-        device = "/srv/matrix-conduit";
-        options = ["bind"];
-      };
     };
   };
 }
diff --git a/system/services/default.nix b/system/services/default.nix
index 761902c..d80bdab 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,13 +1,12 @@
 {config, ...}: {
   imports = [
     ./acme
-    ./fail2ban
-    #./firewall
-    ./matrix
+    #  ./firewall
     #./minecraft
     ./nginx
     ./nix
     ./opensshd
     ./rust-motd
+    ./fail2ban
   ];
 }
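Review bot: The `./firewall` import stays commented out in this hunk (now as `#  ./firewall`), and the same commit deletes the conduit module, which held the only `networking.firewall.allowedTCPPorts` declaration visible on this page. After the revert it is worth confirming that ports 80 and 443 for nginx and ACME are still opened by another module, and that nothing else keeps 8448 exposed. A one-line comment above the disabled import saying why it is off, e.g. `# firewall module disabled: <reason>`, would save the next reader from guessing. As a style point, `./fail2ban` now sits at the end of an otherwise alphabetical list and the comment spacing no longer matches `#./minecraft`; keeping `./fail2ban` after `./acme` and writing `#./firewall` would keep the list consistent.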
diff --git a/system/services/matrix/conduit/default.nix b/system/services/matrix/conduit/default.nix
deleted file mode 100644
index e583ca4..0000000
--- a/system/services/matrix/conduit/default.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-# vim: ts=2
-{
-  config,
-  pkgs,
-  flake-inputs,
-  ...
-}: let
-  server_name = "vhack.eu";
-
-  matrix_hostname = "matrix.${server_name}";
-
-  well_known_server = pkgs.writeText "well-known-matrix-server" ''
-    {
-      "m.server": "${matrix_hostname}"
-    }
-  '';
-
-  well_known_client = pkgs.writeText "well-known-matrix-client" ''
-    {
-      "m.homeserver": {
-        "base_url": "https://${matrix_hostname}"
-      }
-    }
-  '';
-in {
-  services.matrix-conduit = {
-    enable = true;
-
-    settings.global = {
-      inherit server_name;
-      database_backend = "rocksdb";
-      trusted_servers = ["matrix.org" "sils.li" "asra.gr"];
-      allow_registration = false;
-    };
-  };
-
-  # Configure NGINX as a reverse proxy
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-
-    virtualHosts = {
-      "${matrix_hostname}" = {
-        forceSSL = true;
-        enableACME = true;
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "0.0.0.0";
-            port = 8448;
-            ssl = true;
-          }
-          {
-            addr = "::0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "::0";
-            port = 8448;
-            ssl = true;
-          }
-        ];
-
-        locations."/_matrix/" = {
-          proxyPass = "http://backend_conduit$request_uri";
-          proxyWebsockets = true;
-          extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_buffering off;
-          '';
-        };
-
-        extraConfig = ''
-          merge_slashes off;
-        '';
-      };
-
-      "${server_name}" = {
-        forceSSL = true;
-        enableACME = true;
-
-        locations."=/.well-known/matrix/server" = {
-          # Use the contents of the derivation built previously
-          alias = "${well_known_server}";
-
-          extraConfig = ''
-            # Set the header since by default NGINX thinks it's just bytes
-            default_type application/json;
-          '';
-        };
-
-        locations."=/.well-known/matrix/client" = {
-          # Use the contents of the derivation built previously
-          alias = "${well_known_client}";
-
-          extraConfig = ''
-            # Set the header since by default NGINX thinks it's just bytes
-            default_type application/json;
-
-            # https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
-            add_header Access-Control-Allow-Origin "*";
-          '';
-        };
-      };
-    };
-
-    upstreams = {
-      "backend_conduit" = {
-        servers = {
-          "localhost:${toString config.services.matrix-conduit.settings.global.port}" = {};
-        };
-      };
-    };
-  };
-
-  # Open firewall ports for HTTP, HTTPS, and Matrix federation
-  networking.firewall.allowedTCPPorts = [80 443 8448];
-  networking.firewall.allowedUDPPorts = [80 443 8448];
-}
diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix
deleted file mode 100644
index 7f2a357..0000000
--- a/system/services/matrix/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{config, ...}: {
-  imports = [
-    ./conduit
-  ];
-}