feat(matrix): replace conduit with dendrite!
This commit is contained in:
parent
44068449a9
commit
0e2babb4e4
SSH key fingerprint:
SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
4 changed files with 78 additions and 19 deletions
14
secrets/etna/dendriteKey.age
Normal file
14
secrets/etna/dendriteKey.age
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXUXIwUHJvMGlqMThoNDJQ
|
||||||
|
bW9jb1paekhHN25MSDIrdWxDa29EbGExaWtvCkJGQmt2d0VTYXd5eTZDS25KVlhQ
|
||||||
|
dm1CeW1acDVkMHZORGJpaDNEUER3N0EKLT4gWDI1NTE5IHpRaFB5cWZjSTlocGda
|
||||||
|
SitEbC9TQ1JxUi8vQ3dCbkxWbmkvOVdkQlM4UlUKYnlOMVM3YmRrT1Vld3VDMzlt
|
||||||
|
Z1VLeEZvZzFEME85OVJjcVBRZU1taTc5TQotPiBYMjU1MTkgSi9velVpRUJrcXA3
|
||||||
|
L05EVDNGdEZqR0JOUVpjV1hQZ3VIa2hRT1RVZWtTdwpQMWVNYzJKZyttOFlyRDNQ
|
||||||
|
RnhxQ3dsVno2UldGQjJCZGp0ZThVVExmanEwCi0tLSBTK1hqUTNMV1MvVFNpbmsy
|
||||||
|
Zm9PWjM4N2VCbkRkN0JxVFBiZHB4TnR1a1c0Cn+cp0DpgCFW2dIiZ6DQllFG4eTh
|
||||||
|
GrFXVyxw65wz/rjZlNE2xp4R5h7et7m1uUQf50UzFXw47NwiNqhw3/baegxdDUDk
|
||||||
|
fHx93pRl7UvZuBm/FLNxUN25+oEpx29adZud+ij/TfUhx864k3LXrWec0o2DQzfv
|
||||||
|
TmpzvpGX4Fq+oBSw2RHnUByDPYW9idnYdvoEetjOegoAcUhfqAUriZyddtRgn8Ka
|
||||||
|
n3u/Ss03
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
|
@ -20,4 +20,5 @@ in {
|
||||||
"etna/ngrokEnv.age".publicKeys = main ++ [etna];
|
"etna/ngrokEnv.age".publicKeys = main ++ [etna];
|
||||||
"etna/minecraftEnv.age".publicKeys = main ++ [etna];
|
"etna/minecraftEnv.age".publicKeys = main ++ [etna];
|
||||||
"etna/atticEnv.age".publicKeys = main ++ [etna];
|
"etna/atticEnv.age".publicKeys = main ++ [etna];
|
||||||
|
"etna/dendriteKey.age".publicKeys = main ++ [etna];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ in {
|
||||||
|
|
||||||
./minecraft.nix
|
./minecraft.nix
|
||||||
./attic.nix
|
./attic.nix
|
||||||
|
./matrix.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets = let
|
age.secrets = let
|
||||||
|
|
@ -21,6 +22,11 @@ in {
|
||||||
group = "cloudflared";
|
group = "cloudflared";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
dendriteKey = {
|
||||||
|
file = "${path}/dendriteKey.age";
|
||||||
|
mode = "444";
|
||||||
|
};
|
||||||
|
|
||||||
apiRsEnv.file = "${path}/apiRsEnv.age";
|
apiRsEnv.file = "${path}/apiRsEnv.age";
|
||||||
ukubotRsEnv.file = "${path}/ukubotRsEnv.age";
|
ukubotRsEnv.file = "${path}/ukubotRsEnv.age";
|
||||||
ngrokEnv.file = "${path}/ngrokEnv.age";
|
ngrokEnv.file = "${path}/ngrokEnv.age";
|
||||||
|
|
|
||||||
|
|
@ -1,39 +1,77 @@
|
||||||
{pkgs, ...}: {
|
{config, ...}: {
|
||||||
cfTunnels."m.uku.moe" = "http://localhost:80";
|
cfTunnels."m.uku.moe" = "http://localhost:80";
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
matrix-conduit = {
|
dendrite = let
|
||||||
enable = true;
|
database = {
|
||||||
settings.global = {
|
connection_string = "postgres:///dendrite?host=/run/postgresql";
|
||||||
server_name = "m.uku.moe";
|
max_open_conns = 50;
|
||||||
allow_registration = true;
|
max_idle_conns = 5;
|
||||||
port = 6167;
|
conn_max_lifetime = -1;
|
||||||
};
|
};
|
||||||
|
in {
|
||||||
|
enable = true;
|
||||||
|
httpPort = 8008;
|
||||||
|
settings = {
|
||||||
|
global = {
|
||||||
|
server_name = "m.uku.moe";
|
||||||
|
private_key = config.age.secrets.dendriteKey.path;
|
||||||
|
inherit database;
|
||||||
|
};
|
||||||
|
|
||||||
|
client_api = {
|
||||||
|
registration_disabled = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
app_service_api = {inherit database;};
|
||||||
|
federation_api = {inherit database;};
|
||||||
|
key_server = {inherit database;};
|
||||||
|
media_api = {inherit database;};
|
||||||
|
mscs = {inherit database;};
|
||||||
|
relay_api = {inherit database;};
|
||||||
|
room_server = {inherit database;};
|
||||||
|
sync_api = {inherit database;};
|
||||||
|
user_api = {
|
||||||
|
account_database = database;
|
||||||
|
device_database = database;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureDatabases = ["dendrite"];
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "dendrite";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
|
||||||
|
|
||||||
virtualHosts."m.uku.moe" = {
|
virtualHosts."m.uku.moe" = {
|
||||||
locations."=/.well-known/matrix/server" = let
|
locations."=/.well-known/matrix/server" = let
|
||||||
filename = "server-well-known";
|
server = {"m.server" = "m.uku.moe:443";};
|
||||||
content = builtins.toJSON {"m.server" = "m.uku.moe:443";};
|
|
||||||
in {
|
in {
|
||||||
alias = builtins.toString (pkgs.writeTextDir filename content) + "/";
|
return = "200 '${builtins.toJSON server}'";
|
||||||
tryFiles = "${filename} =200";
|
};
|
||||||
extraConfig = ''
|
|
||||||
default_type application/json;
|
locations."=/.well-known/matrix/client" = let
|
||||||
'';
|
client = {"m.homeserver"."base_url" = "https://my.hostname.com";};
|
||||||
|
in {
|
||||||
|
return = "200 '${builtins.toJSON client}'";
|
||||||
};
|
};
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://localhost:6167/";
|
proxyPass = "http://localhost:8008";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_buffering off;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
client_max_body_size 100M;
|
proxy_read_timeout 600;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue