niksos/hosts/chmura/services/conduit.nix
2024-10-02 21:19:25 +02:00

61 lines
1.7 KiB
Nix

{
inputs,
pkgs,
...
}: let
port = 6167;
in {
nix.settings = {
substituters = [
"https://attic.conduit.rs/conduit"
];
trusted-public-keys = [
"conduit:ddcaWZiWm0l0IXZlO8FERRdWvEufwmd0Negl1P+c0Ns="
];
};
services.matrix-conduit = {
enable = true;
package = inputs.conduit.packages.${pkgs.system}.default;
settings.global = {
address = "127.0.0.1";
server_name = "jacekpoz.pl";
database_backend = "rocksdb";
inherit port;
enable_lightning_bolt = false;
max_request_size = 104857600;
allow_check_for_updates = false;
allow_registration = false;
};
};
services.caddy = {
enable = true;
virtualHosts."m.jacekpoz.pl".extraConfig = ''
reverse_proxy /_matrix/* 127.0.0.1:${toString port}
'';
virtualHosts."jacekpoz.pl".extraConfig = ''
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
respond /.well-known/matrix/server `{
"m.server": "m.jacekpoz.pl:443"
}`
respond /.well-known/matrix/client `{
"m.homeserver": {
"base_url": "https://m.jacekpoz.pl"
},
"m.identity_server": {
"base_url": "https://matrix.org"
},
"org.matrix.msc3575.proxy": {
"url": "https://m.jacekpoz.pl"
}
}`
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
}