2024-04-13 14:26:07 +02:00
|
|
|
{
|
|
|
|
config,
|
2024-07-29 10:58:43 +02:00
|
|
|
_utils,
|
2024-04-13 14:26:07 +02:00
|
|
|
...
|
2024-07-29 10:58:43 +02:00
|
|
|
}: let
|
|
|
|
secretKey = _utils.setupSingleSecret config "dendriteKey" {};
|
|
|
|
in {
|
|
|
|
imports = [secretKey.generate];
|
|
|
|
|
2024-04-02 20:53:12 +02:00
|
|
|
cfTunnels."m.uku.moe" = "http://localhost:80";
|
|
|
|
|
2024-04-29 16:29:31 +02:00
|
|
|
systemd.services.dendrite = {
|
|
|
|
after = ["postgresql.service"];
|
|
|
|
serviceConfig.RestartSec = 10;
|
|
|
|
};
|
|
|
|
|
2024-04-02 20:53:12 +02:00
|
|
|
services = {
|
2024-04-09 11:12:41 +02:00
|
|
|
dendrite = let
|
|
|
|
database = {
|
|
|
|
connection_string = "postgres:///dendrite?host=/run/postgresql";
|
|
|
|
max_open_conns = 50;
|
|
|
|
max_idle_conns = 5;
|
|
|
|
conn_max_lifetime = -1;
|
|
|
|
};
|
|
|
|
in {
|
2024-04-02 20:53:12 +02:00
|
|
|
enable = true;
|
2024-04-09 11:12:41 +02:00
|
|
|
httpPort = 8008;
|
2024-07-29 10:58:43 +02:00
|
|
|
loadCredential = ["private_key:${secretKey.path}"];
|
2024-07-29 10:31:58 +02:00
|
|
|
|
2024-04-09 11:12:41 +02:00
|
|
|
settings = {
|
|
|
|
global = {
|
|
|
|
server_name = "m.uku.moe";
|
2024-07-29 10:31:58 +02:00
|
|
|
private_key = "$CREDENTIALS_DIRECTORY/private_key";
|
2024-04-09 11:12:41 +02:00
|
|
|
inherit database;
|
|
|
|
};
|
|
|
|
|
|
|
|
client_api = {
|
|
|
|
registration_disabled = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
app_service_api = {inherit database;};
|
|
|
|
federation_api = {inherit database;};
|
|
|
|
key_server = {inherit database;};
|
|
|
|
media_api = {inherit database;};
|
|
|
|
mscs = {inherit database;};
|
|
|
|
relay_api = {inherit database;};
|
|
|
|
room_server = {inherit database;};
|
|
|
|
sync_api = {inherit database;};
|
|
|
|
user_api = {
|
|
|
|
account_database = database;
|
|
|
|
device_database = database;
|
|
|
|
};
|
2024-04-02 20:53:12 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-04-09 11:12:41 +02:00
|
|
|
postgresql = {
|
|
|
|
enable = true;
|
|
|
|
ensureDatabases = ["dendrite"];
|
|
|
|
ensureUsers = [
|
|
|
|
{
|
|
|
|
name = "dendrite";
|
|
|
|
ensureDBOwnership = true;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
2024-05-19 10:34:48 +02:00
|
|
|
nginx.virtualHosts."m.uku.moe".locations = let
|
|
|
|
server = {"m.server" = "m.uku.moe:443";};
|
|
|
|
client = {"m.homeserver"."base_url" = "https://m.uku.moe";};
|
|
|
|
in {
|
|
|
|
"=/.well-known/matrix/server" = {
|
|
|
|
return = "200 '${builtins.toJSON server}'";
|
|
|
|
};
|
2024-04-09 11:12:41 +02:00
|
|
|
|
2024-05-19 10:34:48 +02:00
|
|
|
"=/.well-known/matrix/client" = {
|
|
|
|
return = "200 '${builtins.toJSON client}'";
|
|
|
|
};
|
2024-04-02 20:53:12 +02:00
|
|
|
|
2024-05-19 10:34:48 +02:00
|
|
|
"/" = {
|
|
|
|
proxyPass = "http://localhost:8008";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
extraConfig = ''
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_read_timeout 600;
|
|
|
|
client_max_body_size 100M;
|
|
|
|
'';
|
2024-04-02 20:53:12 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|