Diffstat (limited to 'system/services/matrix/conduit/default.nix')
-rw-r--r--system/services/matrix/conduit/default.nix125
1 files changed, 0 insertions, 125 deletions
diff --git a/system/services/matrix/conduit/default.nix b/system/services/matrix/conduit/default.nix
deleted file mode 100644
index e583ca4..0000000
--- a/system/services/matrix/conduit/default.nix
+++ /dev/null
@@ -1,125 +0,0 @@
-# vim: ts=2
-{
-  config,
-  pkgs,
-  flake-inputs,
-  ...
-}: let
-  server_name = "vhack.eu";
-
-  matrix_hostname = "matrix.${server_name}";
-
-  well_known_server = pkgs.writeText "well-known-matrix-server" ''
-    {
-      "m.server": "${matrix_hostname}"
-    }
-  '';
-
-  well_known_client = pkgs.writeText "well-known-matrix-client" ''
-    {
-      "m.homeserver": {
-        "base_url": "https://${matrix_hostname}"
-      }
-    }
-  '';
-in {
-  services.matrix-conduit = {
-    enable = true;
-
-    settings.global = {
-      inherit server_name;
-      database_backend = "rocksdb";
-      trusted_servers = ["matrix.org" "sils.li" "asra.gr"];
-      allow_registration = false;
-    };
-  };
-
-  # Configure NGINX as a reverse proxy
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-
-    virtualHosts = {
-      "${matrix_hostname}" = {
-        forceSSL = true;
-        enableACME = true;
-
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "0.0.0.0";
-            port = 8448;
-            ssl = true;
-          }
-          {
-            addr = "::0";
-            port = 443;
-            ssl = true;
-          }
-          {
-            addr = "::0";
-            port = 8448;
-            ssl = true;
-          }
-        ];
-
-        locations."/_matrix/" = {
-          proxyPass = "http://backend_conduit$request_uri";
-          proxyWebsockets = true;
-          extraConfig = ''
-            proxy_set_header Host $host;
-            proxy_buffering off;
-          '';
-        };
-
-        extraConfig = ''
-          merge_slashes off;
-        '';
-      };
-
-      "${server_name}" = {
-        forceSSL = true;
-        enableACME = true;
-
-        locations."=/.well-known/matrix/server" = {
-          # Use the contents of the derivation built previously
-          alias = "${well_known_server}";
-
-          extraConfig = ''
-            # Set the header since by default NGINX thinks it's just bytes
-            default_type application/json;
-          '';
-        };
-
-        locations."=/.well-known/matrix/client" = {
-          # Use the contents of the derivation built previously
-          alias = "${well_known_client}";
-
-          extraConfig = ''
-            # Set the header since by default NGINX thinks it's just bytes
-            default_type application/json;
-
-            # https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
-            add_header Access-Control-Allow-Origin "*";
-          '';
-        };
-      };
-    };
-
-    upstreams = {
-      "backend_conduit" = {
-        servers = {
-          "localhost:${toString config.services.matrix-conduit.settings.global.port}" = {};
-        };
-      };
-    };
-  };
-
-  # Open firewall ports for HTTP, HTTPS, and Matrix federation
-  networking.firewall.allowedTCPPorts = [80 443 8448];
-  networking.firewall.allowedUDPPorts = [80 443 8448];
-}