matrix: migrate vm.strangervm->jorah

hosts/vm.strangervm.ts.hillion.co.uk/default.nix

@@ -21,7 +21,6 @@
     ## Custom Services
     custom = {
       locations.autoServe = true;
-      services.matrix.enable = true;
     };
 
     ## Networking

modules/impermanence.nix

@@ -31,10 +31,13 @@ in
   config = lib.mkIf cfg.enable {
     fileSystems.${cfg.base}.neededForBoot = true;
 
-    services.openssh.hostKeys = [
-      { path = "/data/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
-      { path = "/data/system/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; }
-    ];
+    services = {
+      openssh.hostKeys = [
+        { path = "/data/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+        { path = "/data/system/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; }
+      ];
+      matrix-synapse.dataDir = "${cfg.base}/system/var/lib/matrix-synapse";
+    };
 
     environment.persistence."${cfg.base}/system" = {
       hideMounts = true;
@@ -43,6 +46,7 @@ in
         "/etc/nixos"
       ] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]) ++
       (listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]) ++
+      (listIf config.services.postgresql.enable [ config.services.postgresql.dataDir ]) ++
       (listIf config.hardware.bluetooth.enable [ "/var/lib/bluetooth" ]);
     };
 

modules/locations.nix

@@ -15,7 +15,7 @@ in
         services = {
           downloads = "tywin.storage.ts.hillion.co.uk";
           mastodon = "vm.strangervm.ts.hillion.co.uk";
-          matrix = "vm.strangervm.ts.hillion.co.uk";
+          matrix = "jorah.cx.ts.hillion.co.uk";
         };
       };
     };

modules/www/global.nix

@@ -20,7 +20,12 @@ in
       virtualHosts = {
         "hillion.co.uk".extraConfig = ''
           handle /.well-known/* {
+            header /.well-known/matrix/* Content-Type application/json
+            header /.well-known/matrix/* Access-Control-Allow-Origin *
+
             respond /.well-known/matrix/server "{\"m.server\": \"matrix.hillion.co.uk:443\"}" 200
+            respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.hillion.co.uk"}}`
+
             respond 404
           }
 
@@ -42,7 +47,8 @@ in
           reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096
         '';
         "matrix.hillion.co.uk".extraConfig = ''
-          reverse_proxy http://${locations.services.matrix}:8008
+          reverse_proxy /_matrix/* http://${locations.services.matrix}:8008
+          reverse_proxy /_synapse/client/* http://${locations.services.matrix}:8008
         '';
         "unifi.hillion.co.uk".extraConfig = ''
           reverse_proxy https://unifi.unifi.ts.hillion.co.uk:8443 {

secrets/matrix/matrix.hillion.co.uk/registration_shared_secret.age

@@ -1,21 +1,22 @@
 age-encryption.org/v1
 -> ssh-rsa GxPFJQ
-go9Ut43nwGSKLx2cWSQuymgvlFyC43QxbV9NMP8Cs810fixcnvqzg3QWeK3iYvPZ
-TKL0+ZvdKYoGBatWc/dHflsNUSKef6rZ5Ip1VDCZIlkN2jYLaw5Z6fIKAthGBv55
-3VOEZGQ5g96OMeUnNPklTiRbukhVKoH1vtiyamzh7YIYYR/j/zyitEu1Ik+roQcf
-ngxMWpRKMvu7Za3Ujxga/z7d0JlVFCaJLK+taNvhJJ/EVb92KYpxHrR6AT3TLQK7
-9LXdHEYqrXRqDHCLEzoctKDSuv1urreQkG3CF2iXTsgGmy5uglh3bhVhYTmD0GD8
-BUzp8YNNGrVwDYcQvoR7VA
+PcYDtUs6evvvrjU3cZxaEoj62lvEyRQI4aGvGFK+6E/5ROwjBsyv7g6ClxDOICNU
+CUHzDYtbepFIycvqGGm/TDk2ZDknjpcef/pC2MjlPk+WZDkTx2MeNQs6uk8fNvS5
+6Ppw3CvdiABcx3NFUrgh/N1NKsvgGCR621q/AkyjodUdjWwTxYbr3XnZVA1J+S6M
+Nj+1RGYGBRGvUYcC7JIqArLZaCjDyXlyExtlCzlux8jUtblEBBmuwDYjMjUNE4fB
+Qq7D0RZW1AiaMqiFuzB03l9+n+NzYtmWHDWpgZcp1mbTWEaGWvfSI1xxULjp89Hx
++3GopFzQpknChP+KIGWCIA
 -> ssh-rsa K9mW1w
-rg0YQVuDyzCf5FZay/JC8P6e+yrGO+d+TK9r153S29vhYsiJXA7PtbrEAe1raToy
-Zp5WTcBXm41vlcHvhYZRDAs1OgLjeyguj2gvaLzXbk6x4N2WzjzxysxjyfqrO/f4
-YYCK40my0kzeAh8iRvdDrceIPZJhu4LcPIyhgspsCKmHSdru2yR3P92/1slw7J/a
-I0SxGSs9Lt/Mq+Tx1wP5mc3LpaiMnFDSjMbpGTs/rnUllIcgQstNiWlQWbVNGQsP
-57aJn7TPn3CXFXj6lKERRz2O6MAtjT35p9svfGQZDh2XHodHqm6A2jFtZcltoOAB
-GklfPJNasTwa1s/GrxFqfw
--> ssh-ed25519 O0LMHg x9UJVbJYJbEVk0gfS+moaBkFnqMZMJ8zzRrh6iSc6Q8
-8wEImXrzZQwVg2j6/LFziUOWlhjDkdDaRDY7++uZb5M
--> tu-grease LYy! <i 8HLB3<V
-pt/Tgs27lfMyLJh1BN57Ce/Tf0ZuiftbuTuoacbCerzPu6Wn
---- Bzf5px8E4eLToZ+vpN3xC0QOeGUzxQOpETr7Pmwpe9w
-|ºÅ<C2BA>jç¥3¨sïÇo°?æ‚É•ÖJÓ©Oº4ÉäU±f$õ¢«PaËÍ·½Gð"ñÕåÙïa
+ioNuiJFlFdVWMmAHlocThTlQYIn0m9I85WZjtbXbBGaV6B7WPVJOAfj8dsKAx2a+
+E8kq3Ffc1iNfcnw5gBb9X9zXReyi1cdSsdjwJS8Wew2was3rcbcRBh4cL+bzZ1U5
+BOkUqWo8lF1PNf/oJyjK3y07br8EKcjDTMs+n3AkjGTLyyP2Li2ZwzCHCoKgyHxf
+COcFAFWQdli4fZon9KjZ+Je4UtPtyDEKUUZxZMxXsXd4OTs/cpaFpzrl7MpB2Qdg
+31x0SQbY7Vt7+88yFoE55NmTTDPtIj9A38xSn9HBGHDl8+nftXTnkoQa+E2gJ2V0
+LYeWbozz2zFUQiUsQhM72A
+-> ssh-ed25519 Qo6/7A h+m0fzmo6DpdSejGvgcrYIuQFM0My3X+Vk4XvwlRyDg
+fWmR5VvANbi8P2zouqz66lxx61YzcW9R6wQLZvh3Y48
+-> Z#,x-grease ~ts
+zKs31SssQzG0GYI+xfHhfC+0
+--- Aa0oGbJedOyry0m22fwH+VY5koBC2NO7o4OwIQe6YlY
+4´ž-v°OÊ?È
+n.dýçCèµD«Þ,Ï+kr½>¿ÖdiØþÕáý8ŒÉøŸ³å4

secrets/secrets.nix

@@ -58,9 +58,9 @@ in
   "resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
 
   # Matrix Secrets
-  "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
-  "matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
-  "matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
+  "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
+  "matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
+  "matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
 
   # Backups Secrets
   "restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.strangervm.vm ];