From 0c390a7c9100b460a3e36389ab94ab8ab20b8508 Mon Sep 17 00:00:00 2001
From: Jordan Holt
Date: Mon, 10 Mar 2025 15:59:15 +0000
Subject: [PATCH] matrix: move out of module

---
 hosts/vps1/default.nix | 11 +-
 hosts/vps1/matrix.nix | 221 ++++++++++++++++++++++++++
 modules/nixos/services/matrix.nix | 248 ------------------------------
 3 files changed, 223 insertions(+), 257 deletions(-)
 create mode 100644 hosts/vps1/matrix.nix
 delete mode 100644 modules/nixos/services/matrix.nix

diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix
index 7153328..ac378dc 100644
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -8,6 +8,7 @@
 ./hardware-configuration.nix
 ./gitea.nix
 ./kanidm.nix
+ ./matrix.nix
 ./outline.nix
 ./photoprism.nix
 ../server.nix
@@ -50,7 +51,7 @@
 services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
- modules = rec {
+ modules = {
 services = {
 borgmatic = {
 enable = true;
@@ -67,14 +68,6 @@
 matrixIntegration = true;
 };
 headscale.enable = true;
- matrix = {
- enable = true;
- bridges = {
- signal = true;
- whatsapp = true;
- };
- usePostgresql = services.postgresql.enable;
- };
 nginx.enable = true;
 postgresql.enable = true;
 };
diff --git a/hosts/vps1/matrix.nix b/hosts/vps1/matrix.nix
new file mode 100644
index 0000000..c230d71
--- /dev/null
+++ b/hosts/vps1/matrix.nix
@@ -0,0 +1,221 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ serverName = "vimium.com";
+ useElement = true;
+ usePostgresql = true;
+ bridges = {
+ signal = true;
+ whatsapp = true;
+ };
+ matrixSubdomain = "matrix.${serverName}";
+ elementSubdomain = "chat.${serverName}";
+ matrixClientConfig = {
+ "m.homeserver" = {
+ base_url = "https://${matrixSubdomain}";
+ server_name = serverName;
+ };
+ "m.identity_server" = {
+ "base_url" = "https://vector.im";
+ };
+ };
+ matrixServerConfig."m.server" = "${matrixSubdomain}:443";
+ commonBridgeSettings = bridge: {
+ appservice = {
+ database = lib.mkIf usePostgresql {
+ type = "postgres";
+ uri = "postgresql:///${bridge}?host=/run/postgresql";
+ };
+ };
+ bridge = {
+ encryption = {
+ allow = true;
+ default = true;
+ require = true;
+ };
+ permissions = {
+ "${serverName}" = "user";
+ "@jordan:${serverName}" = "admin";
+ };
+ provisioning = {
+ shared_secret = "disable";
+ };
+ };
+ homeserver = {
+ address = "https://${matrixSubdomain}";
+ domain = serverName;
+ };
+ };
+in
+{
+ networking.firewall.allowedTCPPorts = [
+ 8448 # Matrix federation
+ ];
+
+ security.acme.certs = {
+ "${matrixSubdomain}" = {
+ reloadServices = [ "matrix-synapse" ];
+ };
+ };
+
+ services.nginx.virtualHosts =
+ {
+ "${matrixSubdomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::1]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::1]";
+ port = 80;
+ }
+ {
+ addr = "[::1]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ '';
+ };
+ "/_matrix" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ client_max_body_size 50M;
+ '';
+ };
+ "/_synapse/client".proxyPass = "http://localhost:8008";
+ };
+ };
+ "${cfg.serverName}" =
+ let
+ mkWellKnown = data: ''
+ more_set_headers 'Content-Type: application/json';
+ return 200 '${builtins.toJSON data}';
+ '';
+ in
+ {
+ locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
+ locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
+ };
+ }
+ // (
+ if useElement then
+ {
+ "${elementSubdomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ root = pkgs.unstable.element-web.override {
+ conf = {
+ default_server_config = matrixClientConfig;
+ brand = "Vimium Chat";
+ branding = {
+ auth_header_logo_url = "https://vimium.com/images/logo.svg";
+ auth_footer_links = [
+ {
+ "text" = "Vimium.com";
+ "url" = "https://vimium.com";
+ }
+ ];
+ };
+ };
+ };
+ };
+ }
+ else
+ { }
+ );
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "jitsi-meet-1.0.8043"
+ "olm-3.2.16"
+ ];
+
+ services.matrix-synapse = {
+ enable = true;
+ enableRegistrationScript = true;
+ settings = {
+ database.name = (if usePostgresql then "psycopg2" else "sqlite3");
+ enable_metrics = false;
+ enable_registration = false;
+ max_upload_size = "100M";
+ report_stats = false;
+ server_name = serverName;
+ };
+ };
+ systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups = (
+ lib.optional bridges.whatsapp config.systemd.services.mautrix-whatsapp.serviceConfig.Group
+ );
+
+ services.postgresql = lib.mkIf usePostgresql {
+ ensureUsers =
+ [
+ {
+ name = "matrix-synapse";
+ ensureDBOwnership = true;
+ }
+ ]
+ ++ (lib.optional bridges.signal {
+ name = "mautrix-signal";
+ ensureDBOwnership = true;
+ })
+ ++ (lib.optional bridges.whatsapp {
+ name = "mautrix-whatsapp";
+ ensureDBOwnership = true;
+ });
+ ensureDatabases =
+ [
+ "matrix-synapse"
+ ]
+ ++ (lib.optional bridges.signal "mautrix-signal")
+ ++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
+ };
+
+ services.mautrix-signal = lib.mkIf bridges.signal {
+ enable = true;
+ settings = commonBridgeSettings "mautrix-signal";
+ };
+
+ services.mautrix-whatsapp = lib.mkIf bridges.whatsapp {
+ enable = true;
+ settings = {
+ bridge = {
+ history_sync = {
+ backfill = true;
+ max_initial_conversations = -1;
+ message_count = 50;
+ request_full_sync = true;
+ };
+ mute_bridging = true;
+ };
+ } // commonBridgeSettings "mautrix-whatsapp";
+ };
+}
diff --git a/modules/nixos/services/matrix.nix b/modules/nixos/services/matrix.nix
deleted file mode 100644
index 94eeaca..0000000
--- a/modules/nixos/services/matrix.nix
+++ /dev/null
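Review bot: The second nginx virtualHost key in the new file still reads `"${cfg.serverName}" =`, but this file has no `cfg` binding (the module's `cfg = config.modules.services.matrix` was deleted with the module), so evaluating the host fails with `undefined variable 'cfg'`; every other `cfg.serverName` use was rewritten to the new `let` binding and this one should follow: `"${serverName}" =`. A smaller regression is `usePostgresql = true`: default.nix previously derived this from `services.postgresql.enable`, so disabling PostgreSQL on the host would now silently leave synapse configured for `psycopg2` with no database, and `usePostgresql = config.services.postgresql.enable;` would keep the coupling (worth confirming it does not create an evaluation cycle with the `services.postgresql = lib.mkIf usePostgresql` block below). The `nixpkgs.config.permittedInsecurePackages` allowlist now lives unconditionally in host config; a short comment naming which dependency needs each exception (presumably the element-web build) would make future audits of that list easier.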
@@ -1,248 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-let
- cfg = config.modules.services.matrix;
-in
-{
- options.modules.services.matrix = {
- enable = lib.mkEnableOption "matrix";
- element = {
- enable = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
- };
- bridges = {
- signal = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = "Enable Signal bridge.";
- };
- whatsapp = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = "Enable WhatsApp bridge.";
- };
- };
- serverName = lib.mkOption {
- type = lib.types.str;
- default = "vimium.com";
- example = "vimium.com";
- };
- usePostgresql = lib.mkEnableOption "postgresql";
- };
-
- config =
- let
- matrixSubdomain = "matrix.${cfg.serverName}";
- elementSubdomain = "chat.${cfg.serverName}";
- matrixClientConfig = {
- "m.homeserver" = {
- base_url = "https://${matrixSubdomain}";
- server_name = cfg.serverName;
- };
- "m.identity_server" = {
- "base_url" = "https://vector.im";
- };
- };
- matrixServerConfig."m.server" = "${matrixSubdomain}:443";
- commonBridgeSettings = bridge: {
- appservice = {
- database = lib.mkIf cfg.usePostgresql {
- type = "postgres";
- uri = "postgresql:///${bridge}?host=/run/postgresql";
- };
- };
- bridge = {
- encryption = {
- allow = true;
- default = true;
- require = true;
- };
- permissions = {
- "${cfg.serverName}" = "user";
- "@jordan:${cfg.serverName}" = "admin";
- };
- provisioning = {
- shared_secret = "disable";
- };
- };
- homeserver = {
- address = "https://${matrixSubdomain}";
- domain = cfg.serverName;
- };
- };
- in
- lib.mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [
- 8448 # Matrix federation
- ];
-
- security.acme.certs = {
- "${matrixSubdomain}" = {
- reloadServices = [ "matrix-synapse" ];
- };
- };
-
- services.nginx.virtualHosts =
- {
- "${matrixSubdomain}" = {
- forceSSL = true;
- enableACME = true;
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 80;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::1]";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::1]";
- port = 80;
- }
- {
- addr = "[::1]";
- port = 8448;
- ssl = true;
- }
- ];
- locations = {
- "/" = {
- proxyPass = "http://localhost:8008";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $remote_addr;
- '';
- };
- "/_matrix" = {
- proxyPass = "http://localhost:8008";
- extraConfig = ''
- proxy_set_header X-Forwarded-For $remote_addr;
- client_max_body_size 50M;
- '';
- };
- "/_synapse/client".proxyPass = "http://localhost:8008";
- };
- };
- "${cfg.serverName}" =
- let
- mkWellKnown = data: ''
- more_set_headers 'Content-Type: application/json';
- return 200 '${builtins.toJSON data}';
- '';
- in
- {
- locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
- locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
- };
- }
- // (
- if cfg.element.enable then
- {
- "${elementSubdomain}" = {
- forceSSL = true;
- enableACME = true;
- root = pkgs.unstable.element-web.override {
- conf = {
- default_server_config = matrixClientConfig;
- brand = "Vimium Chat";
- branding = {
- auth_header_logo_url = "https://vimium.com/images/logo.svg";
- auth_footer_links = [
- {
- "text" = "Vimium.com";
- "url" = "https://vimium.com";
- }
- ];
- };
- };
- };
- };
- }
- else
- { }
- );
-
- nixpkgs.config.permittedInsecurePackages = [
- "jitsi-meet-1.0.8043"
- "olm-3.2.16"
- ];
-
- services.matrix-synapse = {
- enable = true;
- enableRegistrationScript = true;
- settings = {
- database.name = (if cfg.usePostgresql then "psycopg2" else "sqlite3");
- enable_metrics = false;
- enable_registration = false;
- max_upload_size = "100M";
- report_stats = false;
- server_name = cfg.serverName;
- };
- };
- systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups = (
- lib.optional cfg.bridges.whatsapp config.systemd.services.mautrix-whatsapp.serviceConfig.Group
- );
-
- services.postgresql = lib.mkIf cfg.usePostgresql {
- ensureUsers =
- [
- {
- name = "matrix-synapse";
- ensureDBOwnership = true;
- }
- ]
- ++ (lib.optional cfg.bridges.signal {
- name = "mautrix-signal";
- ensureDBOwnership = true;
- })
- ++ (lib.optional cfg.bridges.whatsapp {
- name = "mautrix-whatsapp";
- ensureDBOwnership = true;
- });
- ensureDatabases =
- [
- "matrix-synapse"
- ]
- ++ (lib.optional cfg.bridges.signal "mautrix-signal")
- ++ (lib.optional cfg.bridges.whatsapp "mautrix-whatsapp");
- };
-
- services.mautrix-signal = lib.mkIf cfg.bridges.signal {
- enable = true;
- settings = commonBridgeSettings "mautrix-signal";
- };
-
- services.mautrix-whatsapp = lib.mkIf cfg.bridges.whatsapp {
- enable = true;
- settings = {
- bridge = {
- history_sync = {
- backfill = true;
- max_initial_conversations = -1;
- message_count = 50;
- request_full_sync = true;
- };
- mute_bridging = true;
- };
- } // commonBridgeSettings "mautrix-whatsapp";
- };
- };
-}