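# NixOS module for the vhack.eu Matrix deployment: Synapse behind an nginx
# reverse proxy, a local PostgreSQL instance, `.well-known` delegation from
# vhack.eu to matrix.vhack.eu, and a (currently disabled) WhatsApp bridge.
{
  config,
  pkgs,
  ...
}: let
  # Host that actually serves the Matrix APIs; `server_name` below stays "vhack.eu".
  fqdn = "matrix.vhack.eu";

  # Payloads for the two delegation documents served from vhack.eu.
  clientConfig."m.homeserver".base_url = "https://${fqdn}";
  serverConfig."m.server" = "${fqdn}:443";

  # Builds the nginx location body that answers with `data` serialised as JSON.
  #
  # `default_type` is used instead of `add_header Content-Type ...`: add_header
  # appends a second Content-Type next to the one nginx already emits for a
  # `return` body, so clients would see two conflicting values.
  # The wildcard CORS header is intentional: these documents are public and are
  # fetched cross-origin by web clients.
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
in {
  # Only the nginx ports are opened. Synapse itself listens on ::1:8008 (see the
  # listener below) and is not reachable from outside.
  networking.firewall.allowedTCPPorts = [80 443];

  vhack.persist.directories = [
    {
      # Synapse state (signing keys, media store): owner-only access.
      directory = "/var/lib/matrix";
      user = "matrix-synapse";
      group = "matrix-synapse";
      mode = "0700";
    }
    {
      # Bridge state; group-readable by matrix-synapse.
      directory = "/var/lib/mautrix-whatsapp";
      user = "mautrix-whatsapp";
      group = "matrix-synapse";
      mode = "0750";
    }
  ];

  # NOTE(review): the directory is created 0755, so every local user can list
  # it. The file it is meant to hold (`matrix.conf`, see `configFile` below) is
  # not created here; confirm that file carries a restrictive mode if it
  # contains secrets.
  systemd.tmpfiles.rules = [
    "d /etc/matrix 0755 matrix-synapse matrix-synapse"
  ];

  services = {
    postgresql = {
      enable = true;

      # NOTE(review): `pkgs.writeText` places this script in the Nix store,
      # which is world-readable, and the role passwords below are literal and
      # guessable. Depending on the PostgreSQL authentication rules, any local
      # process could log in as these roles with them. The bridge connects over
      # the Unix socket (`host=/run/postgresql`); how Synapse authenticates is
      # not visible in this file. If neither relies on password login, drop the
      # `PASSWORD` clauses; otherwise set the passwords out of band from a
      # managed secret, as is done for the registration secret below.
      # `initialScript` is only executed when the database cluster is first
      # initialised, so editing it does not change an existing deployment.
      initialScript = pkgs.writeText "synapse-init.sql" ''
        --Matrix:
        CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
          TEMPLATE template0
          LC_COLLATE = "C"
          LC_CTYPE = "C";

        --Whatsapp-bridge:
        CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
        CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
          TEMPLATE template0
          LC_COLLATE = "C"
          LC_CTYPE = "C";
      '';
    };

    nginx = {
      enable = true;
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;

      virtualHosts = {
        # Apex domain: serves only the delegation documents.
        "vhack.eu" = {
          enableACME = true;
          forceSSL = true;
          locations = {
            "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
            "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
          };
        };

        # Homeserver host. Only `/_matrix` and `/_synapse/client` are proxied;
        # every other path, including `/_synapse/admin`, falls through to the
        # 404 and is therefore not reachable through this proxy.
        "${fqdn}" = {
          enableACME = true;
          forceSSL = true;
          locations = {
            "/".return = "404";
            "/_matrix".proxyPass = "http://[::1]:8008";
            "/_synapse/client".proxyPass = "http://[::1]:8008";
          };
        };
      };
    };

    mautrix-whatsapp = {
      # FIXME(@bpeetz): This was disabled because `mautrix-whatsapp` depends on libolm.
      # Re-enable it, when this has changed. <2024-09-06>
      enable = false;

      settings = {
        appservice = {
          database = {
            type = "postgres";
            # Unix-socket connection; no password appears in the URI.
            uri = "postgres:///mautrix-whatsapp?host=/run/postgresql";
          };
          whatsapp = {
            # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list.
            # This also determines the WhatsApp icon
            browser_name = "unknown";
          };
        };
        homeserver.address = "https://${fqdn}";

        # Every account listed here gets the bridge's "admin" level; keep the
        # list as short as possible.
        bridge.permissions = {
          "@soispha:vhack.eu" = "admin";
          "@sils:vhack.eu" = "admin";
          "@nightingale:vhack.eu" = "admin";
        };
      };
    };

    matrix-synapse = {
      enable = true;
      dataDir = "/var/lib/matrix";
      configFile = "/etc/matrix/matrix.conf";

      settings = {
        media_store_path = "/var/lib/matrix/media_store";

        # Read from an agenix-managed file at runtime, so the secret itself is
        # not written into this configuration.
        registration_shared_secret_path = "${config.age.secrets.matrix-synapse_registration_shared_secret.path}";
        server_name = "vhack.eu";

        listeners = [
          {
            port = 8008;
            # Loopback only and plain HTTP: TLS is terminated by nginx above.
            bind_addresses = ["::1"];
            type = "http";
            tls = false;
            # Take the client address from X-Forwarded-For. This is only sound
            # while the listener stays on loopback, where nginx is the expected
            # peer; if the bind address is ever widened, the header becomes
            # spoofable.
            x_forwarded = true;
            resources = [
              {
                names = ["client" "federation"];
                compress = true;
              }
            ];
          }
        ];
      };
    };
  };
}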