diff --git a/caddy.nix b/caddy.nix index f82cdef..7ee9877 100644 --- a/caddy.nix +++ b/caddy.nix @@ -1,27 +1,8 @@ { config , pkgs , inputs -, settings , ... -}: -let - elementClient = pkgs.element-web.override { - conf = { - default_server_config.default_server_name = "catnip.ee"; - element_call.use_exclusively = true; - - features = { - feature_video_rooms = true; - feature_element_call_video_rooms = true; - }; - }; - }; - - synapse-admin = pkgs.synapse-admin.override { - baseUrl = "https://matrix.catnip.ee"; - }; -in -{ +}: { systemd.services.caddy = { serviceConfig = { # Required to use ports < 1024 @@ -51,7 +32,6 @@ in respond owo ''; - "http://syncthing.internal".extraConfig = '' @local remote_ip private_ranges 100.64.0.0/10 reverse_proxy @local http://${config.services.syncthing.guiAddress} @@ -63,7 +43,6 @@ in hide .Trash-1000 } ''; - "files.catnip.ee".extraConfig = '' tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN} 
@@ -79,51 +58,6 @@ in hide .Trash-1000 } ''; - - "chat.catnip.ee".extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } - - root * ${elementClient} - file_server - ''; - "synapse-admin.catnip.ee".extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } - - root * ${synapse-admin} - file_server - ''; - "matrix.catnip.ee".extraConfig = '' - tls { - dns cloudflare {env.CLOUDFLARE_API_TOKEN} - resolvers 1.1.1.1 - } - - reverse_proxy :${toString settings.ports.synapse} - - redir /telegram /telegram/ - - handle /.well-known/matrix/client { - header Content-Type application/json - header Access-Control-Allow-Origin * - respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}` - } - handle /.well-known/matrix/server { - header Content-Type application/json - header Access-Control-Allow-Origin * - respond `{"m.server": "matrix.catnip.ee:443"}` - } - - handle /telegram/* { - reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port} - } - ''; - "catnip.ee".extraConfig = '' tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN} @@ -154,7 +88,6 @@ in redir https://catnip.ee{uri} permanent ''; - ":80".extraConfig = '' respond awawaw ''; diff --git a/configuration.nix b/configuration.nix index 20cf532..52295eb 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,7 +1,6 @@ { config , pkgs , inputs -, settings , lib , ... }: { @@ -21,9 +20,6 @@ nixpkgs = { config = { allowUnfree = true; - permittedInsecurePackages = [ - "olm-3.2.16" # mautrix-telegram is still using the old one ugh - ]; }; overlays = [ @@ -190,17 +186,11 @@ "/var/lib/tailscale" "/var/lib/caddy" "/var/lib/syncthing" - "/var/lib/matrix-synapse" "/etc/secrets" "/etc/nixos" ]; - exclude = [ - "/var/lib/matrix-synapse/media_store/remote_content" - "/var/lib/matrix-synapse/media_store/remote_thumbnail" - ]; - repo = "ssh://uq9l5635@uq9l5635.repo.borgbase.com/./repo"; encryption = { mode = "repokey-blake2"; 
@@ -263,69 +253,6 @@ ''; }; - # /var/lib/matrix-synapse - matrix-synapse = { - enable = true; - - extraConfigFiles = [ - "/etc/secrets/synapse.yaml" - ]; - - settings = { - enable_registration = true; - registration_requires_token = true; - max_upload_size = "250M"; - server_name = "catnip.ee"; - public_baseurl = "https://matrix.catnip.ee/"; - - # Note: email submodule is defined in /etc/secrets/synapse.yaml as matrix doesnt merge the fields and it will fail to run - # email = { - # smtp_host = "mx1.sly.ee"; - # smtp_user = "matrix@catnip.ee"; - # smtp_pass = ""; - # force_tls = true; - # notif_from = "Matrix "; - # app_name = "Catnip.ee matrix"; - # }; - - server_notices = { - system_mxid_localpart = "server"; - system_mxid_display_name = "Server Notices"; - system_mxid_avatar_url = "mxc://catnip.ee/LhehrbXOjfnhaJvFEWsXPtnm"; - room_name = "Server Notices"; - auto_join = true; - }; - database = { - name = "psycopg2"; - args = { - database = "matrix-synapse"; - user = "matrix-synapse"; - }; - }; - listeners = [ - { - bind_addresses = [ "127.0.0.1" ]; - port = settings.ports.synapse; - resources = [ - { - compress = true; - names = [ "client" "federation" ]; - } - ]; - tls = false; - type = "http"; - x_forwarded = true; - } - ]; - turn_uris = [ - "turn:${config.services.coturn.realm}:3478?transport=udp" - "turn:${config.services.coturn.realm}:3478?transport=tcp" - ]; - - turn_user_lifetime = "1h"; - }; - }; - openssh = { enable = true; settings = { diff --git a/flake.nix b/flake.nix index de0f4a2..833203f 100644 --- a/flake.nix +++ b/flake.nix @@ -43,10 +43,10 @@ , nixpkgs , ... } @ inputs: { - nixosConfigurations.server = nixpkgs.lib.nixosSystem rec { + nixosConfigurations.server = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { - inherit inputs system; + inherit inputs self; settings = import ./settings.nix { }; }; modules = [ ./configuration.nix ]; diff --git a/services/default.nix b/services/default.nix index ddd81e3..889c033 100644 
--- a/services/default.nix +++ b/services/default.nix @@ -1,6 +1,5 @@ { ... }: { imports = [ - ./mautrix.nix ./jellyfin.nix ./mastodon.nix ./archivebox.nix @@ -24,5 +23,6 @@ ./komga.nix ./prosody.nix ./scrutiny.nix + ./matrix ]; } \ No newline at end of file diff --git a/services/matrix/default.nix b/services/matrix/default.nix new file mode 100644 index 0000000..bb024b4 --- /dev/null +++ b/services/matrix/default.nix @@ -0,0 +1,7 @@ +{ ... }: { + imports = [ + ./synapse.nix + ./mautrix.nix + ./extras.nix + ]; +} diff --git a/services/matrix/extras.nix b/services/matrix/extras.nix new file mode 100644 index 0000000..40c15df --- /dev/null +++ b/services/matrix/extras.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: +let + elementClient = pkgs.element-web.override { + conf = { + default_server_config.default_server_name = "catnip.ee"; + element_call.use_exclusively = true; + + features = { + feature_video_rooms = true; + feature_element_call_video_rooms = true; + }; + }; + }; + + synapse-admin = pkgs.synapse-admin.override { + baseUrl = "https://matrix.catnip.ee"; + }; +in +{ + services.caddy.virtualHosts = { + "chat.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } + + root * ${elementClient} + file_server + ''; + "synapse-admin.catnip.ee".extraConfig = '' + tls { + dns cloudflare {env.CLOUDFLARE_API_TOKEN} + resolvers 1.1.1.1 + } + + root * ${synapse-admin} + file_server + ''; + }; +} diff --git a/services/mautrix.nix b/services/matrix/mautrix.nix similarity index 94% rename from services/mautrix.nix rename to services/matrix/mautrix.nix index b42c204..77f9fbe 100644 --- a/services/mautrix.nix +++ b/services/matrix/mautrix.nix @@ -1,6 +1,8 @@ -{ pkgs, settings, ... }: let +{ pkgs, settings, ... }: +let appservicePort = 8009; -in { +in +{ virtualisation.oci-containers.containers.mautrix-discord = { autoStart = true; image = "dock.mau.dev/mautrix/discord:v0.7.2"; 
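Review bot: The new `synapse-admin.catnip.ee` vhost in extras.nix serves the homeserver admin console to any client with nothing but TLS in front of it, while the same tree already gates `syncthing.internal` behind `@local remote_ip private_ranges 100.64.0.0/10` (caddy.nix context above). The bundle is static and the real authorization happens at Synapse's admin API, but there is no reason for the public internet to be able to load an admin UI, and the existing pattern fits in three lines replacing the bare `file_server`: `@local remote_ip private_ranges 100.64.0.0/10`, `file_server @local`, `respond 403` (Caddy orders `respond` after `file_server`, so non-matching requests fall through to the 403; verify against the Caddy version in use). This only helps if Caddy sees the real client address, i.e. the host is reached directly rather than via a CDN/proxy; the Cloudflare plugin here appears to be used for DNS-01 only, as far as the hunk shows.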
@@ -12,6 +14,10 @@ in { ]; }; + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" # mautrix-telegram is still using the old one ugh + ]; + services = { # mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html caddy.virtualHosts."discord-media.catnip.ee".extraConfig = '' diff --git a/services/matrix/synapse.nix b/services/matrix/synapse.nix new file mode 100644 index 0000000..fa164e9 --- /dev/null +++ b/services/matrix/synapse.nix 
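Review bot: The `nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]` allowlist moved into this service module re-enables a package nixpkgs deliberately refuses to build, and its comment only says that mautrix-telegram still needs it; it should record why keeping it is acceptable, e.g. `# olm-3.2.16 is flagged insecure in nixpkgs (upstream libolm is deprecated, as far as I recall); pulled in by mautrix-telegram — acceptable only while end-to-bridge encryption stays off, drop once the bridge moves off libolm`. Whether bridge encryption is actually disabled is not visible in this hunk, so confirm it against the mautrix-telegram settings before writing that claim. Separately, as I recall `nixpkgs.config` definitions from different modules are merged with `recursiveUpdate`, so lists are replaced rather than concatenated: if another module ever sets `permittedInsecurePackages` as well, one of the two lists silently wins, which argues for keeping a single definition (e.g. in configuration.nix) or noting that caveat next to this one.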
@@ -0,0 +1,103 @@
+{ config, settings, ... }: {
+  services = {
+  # /var/lib/matrix-synapse
+  matrix-synapse = {
+  enable = true;
+
+  extraConfigFiles = [
+  "/etc/secrets/synapse.yaml"
+  ];
+
+  settings = {
+  enable_registration = true;
+  registration_requires_token = true;
+  max_upload_size = "250M";
+  server_name = "catnip.ee";
+  public_baseurl = "https://matrix.catnip.ee/";
+
+  # Note: email submodule is defined in /etc/secrets/synapse.yaml as matrix doesnt merge the fields and it will fail to run
+  # email = {
+  # smtp_host = "mx1.sly.ee";
+  # smtp_user = "matrix@catnip.ee";
+  # smtp_pass = "";
+  # force_tls = true;
+  # notif_from = "Matrix ";
+  # app_name = "Catnip.ee matrix";
+  # };
+
+  server_notices = {
+  system_mxid_localpart = "server";
+  system_mxid_display_name = "Server Notices";
+  system_mxid_avatar_url = "mxc://catnip.ee/LhehrbXOjfnhaJvFEWsXPtnm";
+  room_name = "Server Notices";
+  auto_join = true;
+  };
+  database = {
+  name = "psycopg2";
+  args = {
+  database = "matrix-synapse";
+  user = "matrix-synapse";
+  };
+  };
+  listeners = [
+  {
+  bind_addresses = [ "127.0.0.1" ];
+  port = settings.ports.synapse;
+  resources = [
+  {
+  compress = true;
+  names = [ "client" "federation" ];
+  }
+  ];
+  tls = false;
+  type = "http";
+  x_forwarded = true;
+  }
+  ];
+  turn_uris = [
+  "turn:${config.services.coturn.realm}:3478?transport=udp"
+  "turn:${config.services.coturn.realm}:3478?transport=tcp"
+  ];
+
+  turn_user_lifetime = "1h";
+  };
+  };
+
+  caddy.virtualHosts."matrix.catnip.ee".extraConfig = ''
+  tls {
+  dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+  resolvers 1.1.1.1
+  }
+
+  reverse_proxy :${toString settings.ports.synapse}
+
+  redir /telegram /telegram/
+
+  handle /.well-known/matrix/client {
+  header Content-Type application/json
+  header Access-Control-Allow-Origin *
+  respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
+  }
+  handle /.well-known/matrix/server {
+  header Content-Type application/json
+  header Access-Control-Allow-Origin *
+  respond `{"m.server": "matrix.catnip.ee:443"}`
+  }
+
+  handle /telegram/* {
+  reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port}
+  }
+  '';
+
+  borgbackup.jobs."borgbase" = {
+  paths = [
+  "/var/lib/matrix-synapse"
+  ];
+
+  exclude = [
+  "/var/lib/matrix-synapse/media_store/remote_content"
+  "/var/lib/matrix-synapse/media_store/remote_thumbnail"
+  ];
+  };
+  };
+}
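Review bot: The catch-all `reverse_proxy :${toString settings.ports.synapse}` on matrix.catnip.ee forwards `/_synapse/admin/*` to Synapse from any source address, so the admin API is protected only by the admin access token, even though the rest of this config already gates `syncthing.internal` on `remote_ip private_ranges 100.64.0.0/10`. Because Caddy orders `handle` before `reverse_proxy` and an inner `respond` terminates the request (the same mechanism the `.well-known` handles in this hunk rely on), a handle block keyed on a named matcher combining `path` and `not remote_ip` can reject external admin traffic before it reaches the proxy, as sketched below. The synapse-admin UI keeps working for operators inside those ranges, since its API calls originate from the same client IP; like any `remote_ip` check this assumes Caddy terminates client connections directly rather than behind a CDN. `x_forwarded = true` on the `127.0.0.1` listener is fine as long as only Caddy can reach that port, which the bind address ensures.

```nix
    caddy.virtualHosts."matrix.catnip.ee".extraConfig = ''
      # … unchanged: tls block …

      @admin_external {
        path /_synapse/admin/*
        not remote_ip private_ranges 100.64.0.0/10
      }
      handle @admin_external {
        respond 403
      }

      reverse_proxy :${toString settings.ports.synapse}
      # … unchanged: redir, .well-known and /telegram handles …
    '';
```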