From 0e2babb4e43f9de830bbde81c259e1604b6dad07 Mon Sep 17 00:00:00 2001
From: uku
Date: Tue, 9 Apr 2024 11:12:41 +0200
Subject: [PATCH] feat(matrix): replace conduit with dendrite!
---
 secrets/etna/dendriteKey.age | 14 +++++++
 secrets/secrets.nix | 1 +
 systems/etna/default.nix | 6 +++
 systems/etna/matrix.nix | 76 +++++++++++++++++++++++++++---------
 4 files changed, 78 insertions(+), 19 deletions(-)
 create mode 100644 secrets/etna/dendriteKey.age
diff --git a/secrets/etna/dendriteKey.age b/secrets/etna/dendriteKey.age
new file mode 100644
index 0000000..bc6b4fa
--- /dev/null
+++ b/secrets/etna/dendriteKey.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXUXIwUHJvMGlqMThoNDJQ
+bW9jb1paekhHN25MSDIrdWxDa29EbGExaWtvCkJGQmt2d0VTYXd5eTZDS25KVlhQ
+dm1CeW1acDVkMHZORGJpaDNEUER3N0EKLT4gWDI1NTE5IHpRaFB5cWZjSTlocGda
+SitEbC9TQ1JxUi8vQ3dCbkxWbmkvOVdkQlM4UlUKYnlOMVM3YmRrT1Vld3VDMzlt
+Z1VLeEZvZzFEME85OVJjcVBRZU1taTc5TQotPiBYMjU1MTkgSi9velVpRUJrcXA3
+L05EVDNGdEZqR0JOUVpjV1hQZ3VIa2hRT1RVZWtTdwpQMWVNYzJKZyttOFlyRDNQ
+RnhxQ3dsVno2UldGQjJCZGp0ZThVVExmanEwCi0tLSBTK1hqUTNMV1MvVFNpbmsy
+Zm9PWjM4N2VCbkRkN0JxVFBiZHB4TnR1a1c0Cn+cp0DpgCFW2dIiZ6DQllFG4eTh
+GrFXVyxw65wz/rjZlNE2xp4R5h7et7m1uUQf50UzFXw47NwiNqhw3/baegxdDUDk
+fHx93pRl7UvZuBm/FLNxUN25+oEpx29adZud+ij/TfUhx864k3LXrWec0o2DQzfv
+TmpzvpGX4Fq+oBSw2RHnUByDPYW9idnYdvoEetjOegoAcUhfqAUriZyddtRgn8Ka
+n3u/Ss03
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f965d54..167cfec 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -20,4 +20,5 @@ in {
 "etna/ngrokEnv.age".publicKeys = main ++ [etna];
 "etna/minecraftEnv.age".publicKeys = main ++ [etna];
 "etna/atticEnv.age".publicKeys = main ++ [etna];
+ "etna/dendriteKey.age".publicKeys = main ++ [etna];
 }
diff --git a/systems/etna/default.nix b/systems/etna/default.nix
index 6038f4a..a905918 100644
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@@ -10,6 +10,7 @@ in { ./minecraft.nix ./attic.nix + ./matrix.nix ]; age.secrets = let @@ -21,6 +22,11 @@ in { group = "cloudflared"; }; + dendriteKey = { + file = "${path}/dendriteKey.age"; + mode = "444"; + }; + apiRsEnv.file = "${path}/apiRsEnv.age"; ukubotRsEnv.file = "${path}/ukubotRsEnv.age"; ngrokEnv.file = "${path}/ngrokEnv.age"; diff --git a/systems/etna/matrix.nix b/systems/etna/matrix.nix index 8b7db40..d905774 100644 --- a/systems/etna/matrix.nix +++ b/systems/etna/matrix.nix 
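Review bot: `mode = "444"` on `dendriteKey` leaves the decrypted Matrix signing key readable by every local user and service on etna, and this is the key the matrix.nix hunk hands to dendrite as `private_key`, so anyone who can read it can sign as m.uku.moe. The entry just above it in this hunk narrows access with `group = "cloudflared"` instead of widening the mode. Presumably 444 was chosen because the dendrite unit runs under a dynamic user that cannot own the file; if so, drop the `mode` line and pass the key as a systemd credential with `services.dendrite.loadCredential = ["private_key:${config.age.secrets.dendriteKey.path}"];` and `private_key = "$CREDENTIALS_DIRECTORY/private_key";`. The `age.secrets` attribute set starts and ends outside this hunk, so check that no other entry there relies on the same workaround.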
@@ -1,39 +1,77 @@ -{pkgs, ...}: { +{config, ...}: { cfTunnels."m.uku.moe" = "http://localhost:80"; services = { - matrix-conduit = { - enable = true; - settings.global = { - server_name = "m.uku.moe"; - allow_registration = true; - port = 6167; + dendrite = let + database = { + connection_string = "postgres:///dendrite?host=/run/postgresql"; + max_open_conns = 50; + max_idle_conns = 5; + conn_max_lifetime = -1; }; + in { + enable = true; + httpPort = 8008; + settings = { + global = { + server_name = "m.uku.moe"; + private_key = config.age.secrets.dendriteKey.path; + inherit database; + }; + + client_api = { + registration_disabled = true; + }; + + app_service_api = {inherit database;}; + federation_api = {inherit database;}; + key_server = {inherit database;}; + media_api = {inherit database;}; + mscs = {inherit database;}; + relay_api = {inherit database;}; + room_server = {inherit database;}; + sync_api = {inherit database;}; + user_api = { + account_database = database; + device_database = database; + }; + }; + }; + + postgresql = { + enable = true; + ensureDatabases = ["dendrite"]; + ensureUsers = [ + { + name = "dendrite"; + ensureDBOwnership = true; + } + ]; }; nginx = { enable = true; - recommendedProxySettings = true; virtualHosts."m.uku.moe" = { locations."=/.well-known/matrix/server" = let - filename = "server-well-known"; - content = builtins.toJSON {"m.server" = "m.uku.moe:443";}; + server = {"m.server" = "m.uku.moe:443";}; in { - alias = builtins.toString (pkgs.writeTextDir filename content) + "/"; - tryFiles = "${filename} =200"; - extraConfig = '' - default_type application/json; - ''; + return = "200 '${builtins.toJSON server}'"; + }; + + locations."=/.well-known/matrix/client" = let + client = {"m.homeserver"."base_url" = "https://my.hostname.com";}; + in { + return = "200 '${builtins.toJSON client}'"; }; locations."/" = { - proxyPass = "http://localhost:6167/"; + proxyPass = "http://localhost:8008"; proxyWebsockets = true; extraConfig = '' - 
proxy_set_header Host $host; - proxy_buffering off; - client_max_body_size 100M; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_read_timeout 600; ''; }; };