matrix: modularise properly

Jake Hillion 2023-04-29 16:13:29 +01:00
parent f05bb1ff02
commit 91d132a9a0
4 changed files with 117 additions and 89 deletions


@ -4,7 +4,6 @@
imports = [
../../modules/common/default.nix
../../modules/drone/server.nix
../../modules/matrix/default.nix
./hardware-configuration.nix
];
@ -20,7 +19,10 @@
};
## Custom Services
custom.www.global.enable = true;
custom = {
www.global.enable = true;
services.matrix.enable = true;
};
## Networking
networking.interfaces.ens18.ipv4.addresses = [{


@ -5,6 +5,7 @@
./backups/default.nix
./desktop/awesome/default.nix
./resilio.nix
./services/matrix.nix
./tailscale.nix
./www/global.nix
./www/www-repo.nix


@ -1,87 +0,0 @@
{ config, pkgs, lib, ... }:
{
config.custom.backups.matrix.enable = true;
## Matrix (matrix.hillion.co.uk)
config.age.secrets."matrix/matrix.hillion.co.uk/macaroon_secret_key" = {
file = ../../secrets/matrix/matrix.hillion.co.uk/macaroon_secret_key.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
config.age.secrets."matrix/matrix.hillion.co.uk/email" = {
file = ../../secrets/matrix/matrix.hillion.co.uk/email.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};
config.services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
config.services.matrix-synapse = {
enable = true;
extraConfigFiles = [
config.age.secrets."matrix/matrix.hillion.co.uk/macaroon_secret_key".path
config.age.secrets."matrix/matrix.hillion.co.uk/email".path
];
settings = {
server_name = "hillion.co.uk";
public_baseurl = "https://matrix.hillion.co.uk/";
listeners = [
{
port = 8008;
tls = false;
type = "http";
x_forwarded = true;
bind_addresses = [ "::1" ];
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
database = {
name = "psycopg2";
args = {
database = "matrix-synapse";
user = "matrix-synapse";
password = "synapse";
host = "127.0.0.1";
cp_min = 5;
cp_max = 10;
};
};
enable_registration = true;
registrations_require_3pid = [ "email" ];
allowed_local_3pids = [
{
medium = "email";
pattern = "^[^@]+@hillion\.co\.uk$";
}
];
suppress_key_server_warning = true;
dynamic_thumbnails = true;
app_service_config_files = [
"/var/lib/heisenbridge/registration.yml"
];
};
};
config.services.heisenbridge = {
enable = true;
owner = "@jake:hillion.co.uk";
homeserver = "https://matrix.hillion.co.uk";
};
}

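--- a/modules/services/matrix.nix
+++ b/modules/services/matrix.nix
@@ -0,0 +1,112 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.custom.services.matrix;
+in
+{
+options.custom.services.matrix = {
+enable = lib.mkEnableOption "matrix";
+backup = lib.mkOption {
+default = true;
+type = lib.types.bool;
+};
+heisenbridge = lib.mkOption {
+default = true;
+type = lib.types.bool;
+};
+};
+config = lib.mkIf cfg.enable {
+custom = {
+backups.matrix.enable = cfg.backup;
+};
+age.secrets = {
+"matrix/matrix.hillion.co.uk/macaroon_secret_key" = {
+file = ../../secrets/matrix/matrix.hillion.co.uk/macaroon_secret_key.age;
+owner = "matrix-synapse";
+group = "matrix-synapse";
+};
+"matrix/matrix.hillion.co.uk/email" = {
+file = ../../secrets/matrix/matrix.hillion.co.uk/email.age;
+owner = "matrix-synapse";
+group = "matrix-synapse";
+};
+};
+services = {
+postgresql = {
+enable = true;
+initialScript = pkgs.writeText "synapse-init.sql" ''
+CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+TEMPLATE template0
+LC_COLLATE = "C"
+LC_CTYPE = "C";
+'';
+};
+matrix-synapse = {
+enable = true;
+extraConfigFiles = [
+config.age.secrets."matrix/matrix.hillion.co.uk/macaroon_secret_key".path
+config.age.secrets."matrix/matrix.hillion.co.uk/email".path
+];
+settings = {
+server_name = "hillion.co.uk";
+public_baseurl = "https://matrix.hillion.co.uk/";
+listeners = [
+{
+port = 8008;
+tls = false;
+type = "http";
+x_forwarded = true;
+bind_addresses = [ "::1" ];
+resources = [
+{
+names = [ "client" "federation" ];
+compress = false;
+}
+];
+}
+];
+database = {
+name = "psycopg2";
+args = {
+database = "matrix-synapse";
+user = "matrix-synapse";
+password = "synapse";
+host = "127.0.0.1";
+cp_min = 5;
+cp_max = 10;
+};
+};
+enable_registration = true;
+registrations_require_3pid = [ "email" ];
+allowed_local_3pids = [
+{
+medium = "email";
+pattern = "^[^@]+@hillion\.co\.uk$";
+}
+];
+suppress_key_server_warning = true;
+dynamic_thumbnails = true;
+app_service_config_files = lib.mkIf cfg.heisenbridge [
+"/var/lib/heisenbridge/registration.yml"
+];
+};
+};
+heisenbridge = lib.mkIf cfg.heisenbridge {
+enable = true;
+owner = "@jake:hillion.co.uk";
+homeserver = "https://matrix.hillion.co.uk";
+};
+};
+};
+}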
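Review bot: The PostgreSQL password `synapse` appears in clear text twice in the new module, in the `initialScript` built with `pkgs.writeText` and in `settings.database.args.password`. Both are expected to end up in the world-readable Nix store, while the macaroon key and email settings already come from age secrets. Consider moving the `database` block into a third age-encrypted file listed in `extraConfigFiles`, or dropping the password and connecting over the local Unix socket with peer authentication. Separately, in `allowed_local_3pids` the Nix string `"^[^@]+@hillion\.co\.uk$"` most likely loses its backslashes, since Nix reads `\.` as a plain `.`, which makes the registration filter wider than intended; `pattern = "^[^@]+@hillion\\.co\\.uk$";` keeps the dots literal. Both points are carried over unchanged from the deleted file.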