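{ config, lib, pkgs, ... }:

# Matrix homeserver (Synapse) for vimium.com, fronted by nginx, with an
# optional Element web client and mautrix bridges for Signal and WhatsApp.
let
  serverName = "vimium.com";
  useElement = true;
  usePostgresql = true;
  bridges = {
    signal = true;
    whatsapp = true;
  };

  matrixSubdomain = "matrix.${serverName}";
  elementSubdomain = "chat.${serverName}";

  # Synapse's plain-HTTP client listener. Only nginx on this host should
  # ever talk to it directly.
  synapseUpstream = "http://localhost:8008";

  # Single source of truth for the media upload limit. nginx enforces it at
  # the edge (client_max_body_size) and Synapse enforces it internally
  # (max_upload_size); when the two disagree the smaller one silently wins,
  # which is what happened with the previous 50M/100M split.
  maxUploadSize = "100M";

  # Headers Synapse expects from a reverse proxy: the client IP and whether
  # the original request was HTTPS. NOTE(review): this relies on the Synapse
  # listener having x_forwarded = true (the NixOS default) — confirm if
  # `services.matrix-synapse.settings.listeners` is overridden elsewhere.
  proxyHeaders = ''
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
  '';

  # Served as /.well-known/matrix/client and baked into Element's config.
  matrixClientConfig = {
    "m.homeserver" = {
      base_url = "https://${matrixSubdomain}";
      server_name = serverName;
    };
    # Third-party identity server (Element's public instance). Address-book
    # and email/phone lookups that users opt into are sent there rather than
    # to infrastructure we control — keep or drop this deliberately.
    "m.identity_server" = {
      "base_url" = "https://vector.im";
    };
  };

  # Federation delegation: remote homeservers reach us on
  # matrix.${serverName}:443 instead of ${serverName}:8448.
  matrixServerConfig = {
    "m.server" = "${matrixSubdomain}:443";
  };

  # Settings shared by every mautrix bridge. `bridge` is the bridge's
  # service/database name, e.g. "mautrix-signal".
  commonBridgeSettings = bridge: {
    appservice = {
      # Local unix-socket connection: peer authentication, so no database
      # password has to live in the Nix store.
      database = lib.mkIf usePostgresql {
        type = "postgres";
        uri = "postgresql:///${bridge}?host=/run/postgresql";
      };
    };
    bridge = {
      # Require E2EE between the bridge and Matrix users so bridged
      # conversations are not stored in plaintext on the homeserver.
      encryption = {
        allow = true;
        default = true;
        require = true;
      };
      # Any local account may use the bridge; only the admin may manage it.
      permissions = {
        "${serverName}" = "user";
        "@jordan:${serverName}" = "admin";
      };
      # "disable" is the mautrix sentinel that turns the provisioning API off
      # entirely rather than protecting it with a shared secret.
      provisioning = {
        shared_secret = "disable";
      };
    };
    homeserver = {
      address = "https://${matrixSubdomain}";
      domain = serverName;
    };
  };
in {
  networking.firewall.allowedTCPPorts = [
    8448 # Matrix federation fallback; only used by peers that ignore .well-known
  ];

  security.acme.certs = {
    "${matrixSubdomain}" = {
      reloadServices = [ "matrix-synapse" ];
    };
  };

  services.nginx.virtualHosts = {
    "${matrixSubdomain}" = {
      forceSSL = true;
      enableACME = true;
      # NOTE(review): "[::1]" is the IPv6 *loopback* address, so the v6
      # listeners below are unreachable from outside this host while the v4
      # ones bind every interface. "[::]" is probably what was intended —
      # left unchanged here because it is unclear whether the host has
      # public IPv6 connectivity.
      listen = [
        { addr = "0.0.0.0"; port = 443; ssl = true; }
        { addr = "0.0.0.0"; port = 80; }
        { addr = "0.0.0.0"; port = 8448; ssl = true; }
        { addr = "[::1]"; port = 443; ssl = true; }
        { addr = "[::1]"; port = 80; }
        { addr = "[::1]"; port = 8448; ssl = true; }
      ];
      locations = {
        "/" = {
          proxyPass = synapseUpstream;
          extraConfig = proxyHeaders;
        };
        "/_matrix" = {
          proxyPass = synapseUpstream;
          extraConfig = proxyHeaders + ''
            client_max_body_size ${maxUploadSize};
          '';
        };
        "/_synapse/client" = {
          proxyPass = synapseUpstream;
          extraConfig = proxyHeaders;
        };
        # The "/" catch-all above forwards every path to Synapse, which
        # would expose the Synapse admin API to the Internet. Synapse's
        # deployment guidance is that it must not be publicly reachable;
        # nginx picks the longest matching prefix, so this location wins
        # over "/" and restricts it to loopback (use an SSH tunnel to
        # port 8008 for admin work).
        "/_synapse/admin" = {
          proxyPass = synapseUpstream;
          extraConfig = ''
            allow 127.0.0.1;
            allow ::1;
            deny all;
          '';
        };
      };
    };

    # The apex vhost is presumably declared (with TLS) elsewhere; only the
    # Matrix discovery documents are added here.
    "${serverName}" = let
      # Serve a fixed JSON document. Both documents are public by
      # definition, and the client one is fetched cross-origin by web
      # clients, so the Matrix spec asks for a permissive CORS header.
      mkWellKnown = data: ''
        more_set_headers 'Content-Type: application/json';
        more_set_headers 'Access-Control-Allow-Origin: *';
        return 200 '${builtins.toJSON data}';
      '';
    in {
      locations."= /.well-known/matrix/server".extraConfig = mkWellKnown matrixServerConfig;
      locations."= /.well-known/matrix/client".extraConfig = mkWellKnown matrixClientConfig;
    };
  } // lib.optionalAttrs useElement {
    "${elementSubdomain}" = {
      forceSSL = true;
      enableACME = true;
      # `pkgs.unstable` is an overlay attribute defined outside this file.
      root = pkgs.unstable.element-web.override {
        conf = {
          default_server_config = matrixClientConfig;
          brand = "Vimium Chat";
          branding = {
            auth_header_logo_url = "https://vimium.com/images/logo.svg";
            auth_footer_links = [
              { "text" = "Vimium.com"; "url" = "https://vimium.com"; }
            ];
          };
        };
      };
    };
  };

  # Both packages are flagged insecure by nixpkgs and are presumably pulled
  # in by element-web (check with `nix why-depends`). Pinning exact versions
  # is deliberate: a nixpkgs bump that marks a *newer* version insecure will
  # fail evaluation and be noticed rather than silently allowed.
  # TODO: drop each entry once element-web no longer depends on it.
  nixpkgs.config.permittedInsecurePackages = [
    "jitsi-meet-1.0.8043"
    "olm-3.2.16"
  ];

  services.matrix-synapse = {
    enable = true;
    # Installs the register_new_matrix_user helper; with open registration
    # off, accounts are created out-of-band with it (it needs a
    # registration_shared_secret, presumably configured elsewhere).
    enableRegistrationScript = true;
    settings = {
      database.name = if usePostgresql then "psycopg2" else "sqlite3";
      enable_metrics = false;
      enable_registration = false;
      max_upload_size = maxUploadSize;
      report_stats = false;
      server_name = serverName;
    };
  };

  # Grants Synapse the WhatsApp bridge's group — presumably so it can read
  # bridge-owned files (shared media). Verify this is still required before
  # widening what the bridge's group can reach.
  systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
    lib.optional bridges.whatsapp config.systemd.services.mautrix-whatsapp.serviceConfig.Group;

  services.postgresql = lib.mkIf usePostgresql (let
    # One role per service, each owning exactly its own database; no shared
    # superuser role between Synapse and the bridges.
    dbUsers = [ "matrix-synapse" ]
      ++ lib.optional bridges.signal "mautrix-signal"
      ++ lib.optional bridges.whatsapp "mautrix-whatsapp";
  in {
    ensureUsers = map (name: { inherit name; ensureDBOwnership = true; }) dbUsers;
    ensureDatabases = dbUsers;
  });

  services.mautrix-signal = lib.mkIf bridges.signal {
    enable = true;
    settings = commonBridgeSettings "mautrix-signal";
  };

  services.mautrix-whatsapp = lib.mkIf bridges.whatsapp {
    enable = true;
    # lib.recursiveUpdate rather than `//`: the plain update operator
    # replaces the whole `bridge` attribute, so the previous
    # `{ bridge = ...; } // commonBridgeSettings ...` silently discarded
    # history_sync and mute_bridging in favour of the common
    # encryption/permissions block.
    settings = lib.recursiveUpdate (commonBridgeSettings "mautrix-whatsapp") {
      bridge = {
        history_sync = {
          backfill = true;
          max_initial_conversations = -1;
          message_count = 50;
          request_full_sync = true;
        };
        mute_bridging = true;
      };
    };
  };
}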