conduit and other changes

2024-12-02 10:45:17 -05:00
parent 9665c744cf
commit 9b5af0c075
7 changed files with 73 additions and 18 deletions
--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -51,25 +51,43 @@
        root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web
        file_server browse
      '';
+
+      "${config.services.matrix-conduit.settings.global.server_name}".extraConfig = ''
+        reverse_proxy :${builtins.toString config.services.matrix-conduit.settings.global.port}
+      '';
+
+      # Exact duplicate of matrix.gardling.com
+      "${config.services.matrix-conduit.settings.global.server_name}:8448".extraConfig =
+        config.services.caddy.virtualHosts."${config.services.matrix-conduit.settings.global.server_name
+        }".extraConfig;
    };
  };

  systemd.tmpfiles.rules = [
-    "d ${service_configs.https.data_dir} 0755 ${config.services.caddy.user} ${config.services.caddy.group}"
+    "d ${service_configs.https.data_dir} 0750 ${config.services.caddy.user} ${config.services.caddy.group}"
  ];

  systemd.packages = with pkgs; [ nssTools ];

  networking.firewall.allowedTCPPorts = [
    service_configs.ports.https
+
+    # http (but really acmeCA challenges)
    80
+
+    # for matrix federation
+    8448
  ];

  networking.firewall.allowedUDPPorts = [
    service_configs.ports.https
+
+    # for matrix federation
+    8448
  ];

  users.users.${config.services.caddy.user}.extraGroups = [
+    # for `map.gardling.com`
    "minecraft"
  ];

--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -0,0 +1,38 @@
+{
+  pkgs,
+  config,
+  service_configs,
+  ...
+}:
+{
+  imports = [
+    ../secrets/matrix_reg_token.nix
+  ];
+
+  services.matrix-conduit = {
+    enable = true;
+    package = pkgs.conduwuit;
+    # package = pkgs.conduwuit.overrideAttrs (old: {
+    #   cargoBuildFeatures = pkgs.lib.remove "release_max_log_level" old.cargoBuildFeatures;
+    # });
+
+    settings.global = {
+      port = 6167;
+      server_name = "matrix.${service_configs.https.domain}";
+      database_backend = "rocksdb";
+      allow_registration = true;
+
+      trusted_servers = [
+        "matrix.org"
+        "envs.net"
+      ];
+
+      # without this, conduit fails to start
+      address = "0.0.0.0";
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/private/matrix-conduit 0750 conduit conduit"
+  ];
+}