summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/2configs/matrix.nix80
2 files changed, 81 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index e1f92c51e..1faa23ec3 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -138,6 +138,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/services/coms/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
+ <stockholm/lass/2configs/matrix.nix>
<stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
diff --git a/lass/2configs/matrix.nix b/lass/2configs/matrix.nix
new file mode 100644
index 000000000..cdcbe7ab0
--- /dev/null
+++ b/lass/2configs/matrix.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ services.matrix-synapse = {
+ # synapse 1.60.0 errors during startup with:
+ # https://github.com/matrix-org/synapse/issues/15809
+ package = pkgs.matrix-synapse.overrideAttrs (oldAttrs: rec {
+ version = "1.85.2";
+ name = "matrix-synapse-${version}";
+ src = pkgs.fetchFromGitHub {
+ owner = "matrix-org";
+ repo = "synapse";
+ rev = "v${version}";
+ hash = "sha256-pFafBsisBPfpDnFYWcimUuBgfFVPZzLna3yHeqIBAAE=";
+ };
+ cargoDeps = pkgs.rustPlatform.fetchCargoTarball {
+ inherit src;
+ name = "matrix-synapse-${version}";
+ hash = "sha256-dnno+5Ma0YNYpmj3oZ5UG22uAanKwVT67BwQW+mHoFc=";
+ };
+ doCheck = false;
+ });
+ enable = true;
+ settings = {
+ server_name = "lassul.us";
+ # registration_shared_secret = "yolo";
+ database.name = "sqlite3";
+ turn_uris = [
+ "turn:turn.matrix.org?transport=udp"
+ "turn:turn.matrix.org?transport=tcp"
+ ];
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" ];
+ compress = true;
+ }
+ {
+ names = [ "federation" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+ };
+ services.nginx = {
+ virtualHosts = {
+ "lassul.us" = {
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON {
+ "m.server" = "matrix.lassul.us:443";
+ }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON {
+ "m.homeserver" = { "base_url" = "https://matrix.lassul.us"; };
+ "m.identity_server" = { "base_url" = "https://vector.im"; };
+ }}';
+ '';
+ };
+ "matrix.lassul.us" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ };
+ };
+ };
+ };
+}