matrix: disable

matrix: fix continuwuity module
update
2026-02-10 13:55:45 -05:00 · 2026-02-10 13:54:22 -05:00 · 2026-02-10 12:56:12 -05:00 · 2026-02-10 12:49:56 -05:00
5 changed files with 99 additions and 24 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -38,6 +38,8 @@

    ./services/bitwarden.nix

+    # ./services/matrix.nix
+
    ./services/monero.nix
    ./services/xmrig.nix

--- a/flake.lock
+++ b/flake.lock
@@ -27,11 +27,11 @@
    },
    "crane": {
      "locked": {
-        "lastModified": 1769737823,
-        "narHash": "sha256-DrBaNpZ+sJ4stXm+0nBX7zqZT9t9P22zbk6m5YhQxS4=",
+        "lastModified": 1770419512,
+        "narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "b2f45c3830aa96b7456a4c4bc327d04d7a43e1ba",
+        "rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7",
        "type": "github"
      },
      "original": {
@@ -243,11 +243,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1770064250,
-        "narHash": "sha256-3HB6gfnKZnwDoH77lnJktJtQWEZ+D35Oi53pNF6YwO4=",
+        "lastModified": 1770734117,
+        "narHash": "sha256-PNXSnK507MRj+hYMgnUR7InNJzVCmOfsjHV4YXZgpwQ=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "9985b98c74dcc7b1c7ccfe8693daf37caa4ed2ea",
+        "rev": "2038a9a19adb886eccba775321b055fdbdc5029d",
        "type": "github"
      },
      "original": {
@@ -265,11 +265,11 @@
        "systems": "systems_3"
      },
      "locked": {
-        "lastModified": 1770172907,
-        "narHash": "sha256-rqYl9B+4shcM5b6OYjT+qdsdQNJ7SY64/xcPIb96NzU=",
+        "lastModified": 1770520993,
+        "narHash": "sha256-ks1ZFBYlBmQ4CAM4WSmCFUtkUJzbmJ0VJH/JkKVMPqY=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "8958a5a4259e1aebf4916823bf463faaf2538566",
+        "rev": "b32f4325880b4fac47b8736161a8f032dd248b70",
        "type": "github"
      },
      "original": {
@@ -280,11 +280,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1769302137,
-        "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
+        "lastModified": 1770631810,
+        "narHash": "sha256-b7iK/x+zOXbjhRqa+XBlYla4zFvPZyU5Ln2HJkiSnzc=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
+        "rev": "2889685785848de940375bf7fea5e7c5a3c8d502",
        "type": "github"
      },
      "original": {
@@ -296,11 +296,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1770136044,
-        "narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=",
+        "lastModified": 1770617025,
+        "narHash": "sha256-1jZvgZoAagZZB6NwGRv2T2ezPy+X6EFDsJm+YSlsvEs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e",
+        "rev": "2db38e08fdadcc0ce3232f7279bab59a15b94482",
        "type": "github"
      },
      "original": {
@@ -376,11 +376,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770001842,
-        "narHash": "sha256-ZAyTeILfdWwDp1nuF0RK3McBduMi49qnJvrS+3Ezpac=",
+        "lastModified": 1770520253,
+        "narHash": "sha256-6rWuHgSENXKnC6HGGAdRolQrnp/8IzscDn7FQEo1uEQ=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "5018343419ea808f8a413241381976b7e60951f2",
+        "rev": "ebb8a141f60bb0ec33836333e0ca7928a072217f",
        "type": "github"
      },
      "original": {
@@ -433,11 +433,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770257911,
-        "narHash": "sha256-yCsQ6UJNWyrLc6OI41uA8R3u2z60aNYCzcVzM1AG3qY=",
+        "lastModified": 1770603164,
+        "narHash": "sha256-2jJNzobNvy307k/FJxDWR6aO6FmClILFdA78CzdW9zY=",
        "owner": "nix-community",
        "repo": "srvos",
-        "rev": "5086dcb3f4212c90ab0e5c30391c92116db7e035",
+        "rev": "aa7bed2868237fad33b5ba12fca8f4f7a4dc07c5",
        "type": "github"
      },
      "original": {
@@ -509,11 +509,11 @@
    "trackerlist": {
      "flake": false,
      "locked": {
-        "lastModified": 1770246524,
-        "narHash": "sha256-ZZCgWu4ZR4p6GltHl5AWgITWm8LAXIe9z1tJ04eW8E0=",
+        "lastModified": 1770678576,
+        "narHash": "sha256-1X28j4RPLpmwztbF9+H8T5Ah/DRK9kslXdvM0t6W3YU=",
        "owner": "ngosang",
        "repo": "trackerslist",
-        "rev": "4838353ac4f4fca954b9e53f28585eafe6a6943e",
+        "rev": "661532984bab7bd41430566e248fa96513673c4f",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -118,6 +118,8 @@
          syncthing_protocol = 22000;
          syncthing_discovery = 21027;
          minecraft = 25565;
+          matrix = 6167;
+          matrix_federation = 8448;
        };

        https = {
@@ -168,6 +170,11 @@
          dataDir = services_dir + "/monero";
        };

+        matrix = {
+          dataDir = "/var/lib/continuwuity";
+          domain = "matrix.${https.domain}";
+        };
+
        syncthing = {
          dataDir = services_dir + "/syncthing";
          signalBackupDir = "/${zpool_ssds}/bak/signal";
--- a/secrets/matrix_reg_token
+++ b/secrets/matrix_reg_token
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -0,0 +1,66 @@
+{
+  config,
+  service_configs,
+  lib,
+  ...
+}:
+{
+  imports = [
+    (lib.serviceMountWithZpool "continuwuity" service_configs.zpool_ssds [
+      service_configs.matrix.dataDir
+    ])
+  ];
+
+  services.matrix-continuwuity = {
+    enable = true;
+
+    settings.global = {
+      port = [ service_configs.ports.matrix ];
+      server_name = service_configs.https.domain;
+      allow_registration = true;
+      registration_token_file = ../secrets/matrix_reg_token;
+
+      new_user_displayname_suffix = "";
+
+      trusted_servers = [
+        "matrix.org"
+        "constellatory.net"
+        "tchncs.de"
+        "envs.net"
+      ];
+
+      address = [
+        "0.0.0.0"
+      ];
+    };
+  };
+
+  services.caddy.virtualHosts.${service_configs.https.domain}.extraConfig = lib.mkBefore ''
+    header /.well-known/matrix/* Content-Type application/json
+    header /.well-known/matrix/* Access-Control-Allow-Origin *
+    respond /.well-known/matrix/server `{"m.server": "${service_configs.matrix.domain}:${builtins.toString service_configs.ports.https}"}`
+    respond /.well-known/matrix/client `{"m.server":{"base_url":"https://${service_configs.matrix.domain}"},"m.homeserver":{"base_url":"https://${service_configs.matrix.domain}"},"org.matrix.msc3575.proxy":{"base_url":"https://${config.services.matrix-continuwuity.settings.global.server_name}"}}`
+  '';
+
+  services.caddy.virtualHosts."${service_configs.matrix.domain}".extraConfig = ''
+    reverse_proxy :${builtins.toString service_configs.ports.matrix}
+  '';
+
+  # Exact duplicate for federation port
+  services.caddy.virtualHosts."${service_configs.matrix.domain}:${builtins.toString service_configs.ports.matrix_federation}".extraConfig =
+    config.services.caddy.virtualHosts."${service_configs.matrix.domain}".extraConfig;
+
+  systemd.tmpfiles.rules = [
+    "Z ${service_configs.matrix.dataDir} 0770 ${config.services.matrix-continuwuity.user} ${config.services.matrix-continuwuity.group}"
+  ];
+
+  # for federation
+  networking.firewall.allowedTCPPorts = [
+    service_configs.ports.matrix_federation
+  ];
+
+  # for federation
+  networking.firewall.allowedUDPPorts = [
+    service_configs.ports.matrix_federation
+  ];
+}
Author	SHA1	Message	Date
Simon Gardling	a887edf510	matrix: disable	2026-02-10 13:55:45 -05:00
Simon Gardling	4f71f61c4b	matrix: fix continuwuity module	2026-02-10 13:54:22 -05:00
Simon Gardling	3187130cd3	update	2026-02-10 12:56:12 -05:00
Simon Gardling	11ab6de305	re-add matrix	2026-02-10 12:49:56 -05:00