migrate matrix to new domain

configuration.nix

@@ -174,20 +174,16 @@
       group = "maxwell-eurofusion-eu";
     };
 
-    certs."maxwell.ydns.eu" = {
-      group = "maxwell-ydns-eu";
+    certs."eurofusion.eu" = {
+      group = "eurofusion-eu";
     };
 
-    certs."riot.maxwell.ydns.eu" = {
-      group = "riot-maxwell-ydns-eu";
-    };
   };
 
   # Allow read access to ACME certificate
   # to specific (service) users.
   users.groups."maxwell-eurofusion-eu".members = [ "murmur" "nginx" ];
-  users.groups."maxwell-ydns-eu".members = [ "nginx" ];
-  users.groups."riot-maxwell-ydns-eu".members = [ "nginx" ];
+  users.groups."eurofusion-eu".members = [ "nginx" ];
 
 
   services.openssh = {
@@ -281,7 +277,7 @@
       service.EMAIL_DOMAIN_BLOCKLIST = "gmail.com";
 
       # allow the notify webhook to use matrix
-      webhook.ALLOWED_HOST_LIST = "maxwell.ydns.eu";
+      webhook.ALLOWED_HOST_LIST = "maxwell.eurofusion.eu";
     };
   };
 

custom/modules/asjon.nix

@@ -73,8 +73,8 @@ in {
 
         # Scripts
         AUTO_KILL_ON_UPDATE  = "1";
-        AUTO_INFORM_ON_START = "!kvLvoCovzInhiablSq:maxwell.ydns.eu";
-        ADMIN_ROOM           = "!kvLvoCovzInhiablSq:maxwell.ydns.eu";
+        AUTO_INFORM_ON_START = "!XQJXsOXfTevAiEbDTA:eurofusion.eu";
+        ADMIN_ROOM           = "!XQJXsOXfTevAiEbDTA:eurofusion.eu";
         REV_REMOTE_HOST      = "proxy@rnhmjoj.ydns.eu";
         REV_REMOTE_PORT      = "22";
         REV_KEY              = "~/.ssh/proxy";

matrix.nix

@@ -1,45 +1,20 @@
 { config, lib, pkgs, ... }:
 
-with config.var;
-
 let
-  homeserver = "maxwell.ydns.eu";
-
-  ### Element (Riot) configuration
-  conf = with config.var; {
-      default_server_config."m.homeserver" =
-        { base_url = "https://${homeserver}";
-          server_name = "Maxwell";
-        };
-      default_server_config."m.identity_server" =
-        { base_url = "https://matrix.org"; };
-      roomDirectory.servers = [ "matrix.org" homeserver ];
-
-      brand = "Maxwell matrix";
-      defaultCountryCode = "IT";
-      showLabsSettings = true;
-
-      # Use a trusted Jitsi instance
-      jitsi.preferredDomain = "jitsi.openspeed.org";
-      jitsi.externalApiUrl  = "https://jitsi.openspeed.org/libs/external_api.min.js";
-    };
+  domain = "eurofusion.eu";
 in
 
 {
-  # Fallback DNS records
-  networking.hosts = with config.var;
-    { ${ipv4WanAddress} = [ homeserver ];
-      ${ipv6Address}    = [ homeserver ];
-    };
-
   ### Reverse proxy locations
-  services.nginx.virtualHosts.${homeserver} =
+
+  # Setup for well-known on the bare domain
+  services.nginx.virtualHosts.${domain} =
     let
       client =
-        { "m.homeserver"      =  { "base_url" = "https://${homeserver}"; };
+        { "m.homeserver"      =  { "base_url" = "https://${config.var.hostname}"; };
           "m.identity_server" =  { "base_url" = "https://matrix.org";  };
         };
-      server = { "m.server" = "${homeserver}:443"; };
+      server = { "m.server" = "${config.var.hostname}:443"; };
     in
   {
     enableACME = true;
@@ -58,28 +33,20 @@ in
       add_header Access-Control-Allow-Origin *;
       return 200 '${builtins.toJSON client}';
     '';
-
-    # Forward matrix/admin API calls to synapse
-    locations."/_matrix".proxyPass = "http://localhost:8448";
-    locations."/_synapse".proxyPass = "http://localhost:8448";
   };
 
-
-  ### Element/Riot static location
-  services.nginx.virtualHosts."riot.${homeserver}" =
-  { enableACME = true;
-    forceSSL   = true;
-    locations."/" =
-      { index = "index.html";
-        alias = (pkgs.element-web.override { inherit conf; }) + "/";
-      };
-  };
+  # Forward matrix/admin API calls to synapse
+  services.nginx.virtualHosts.${config.var.hostname} =
+    { locations."/_matrix".proxyPass = "http://localhost:8448";
+      locations."/_synapse".proxyPass = "http://localhost:8448";
+    };
 
 
   ### Homeserver
   services.matrix-synapse.enable = true;
   services.matrix-synapse.settings = {
-    server_name = homeserver;
+    server_name = domain;
+    public_baseurl = "https://${config.var.hostname}/";
 
     # Bind on localhost and used a reverse proxy
     listeners = [
@@ -128,6 +95,7 @@ in
     expire_access_token = true;
     event_cache_size    = "2K";
     max_upload_size     = "1000M";
+    dynamic_thumbnails  = true;
 
     # bridges configuration
     app_service_config_files =
@@ -187,8 +155,8 @@ in
               require = true;
             };
           permissions =
-            { "maxwell.ydns.eu" = "user";
-              "@rnhmjoj:maxwell.ydns.eu" = "admin";
+            { "eurofusion.eu" = "user";
+              "@rnhmjoj:eurofusion.eu" = "admin";
             };
           relay.enabled = false;
           mute_bridging = true;

packages.nix

@@ -5,7 +5,7 @@
   (self: super:
     { maxwell-notify = self.callPackage ./custom/packages/maxwell-notify.nix
         { homeserver = "https://${config.var.hostname}/_matrix/client/r0";
-          roomId     = "!FsUSHSNMPMVTFFcvJo:maxwell.ydns.eu";
+          roomId     = "!mKSxsQWEtUvOBTfjDU:eurofusion.eu";
           authToken  = config.secrets.passwords.matrix;
         };
 
@@ -28,6 +28,7 @@
     # admin
     dnsutils
     matrix-synapse
+    matrix-synapse-tools.synadm
     maxwell-notify
     smartmontools
 

secrets/keys/matrix.tok

@@ -1,7 +1,2 @@
-U2FsdGVkX1+asRsSHeh0/QMEflP9kIgC9Fz6cYDcej5HWQZmPkAemCfoFLV5TkuI
-1hyzwwhvOtZWdBBDdMi9dG2x5m+/fdVIPpMHb9gc7aGuiudXW2uuPIEve9Z4HaTp
-Do6VX/9NTnzRNLZAaFpoBob3r+GF36NJ0tLzaM2VaR/emo0wPkm/0/v3nq/vUZCB
-xCOM7sG2MAQU/3FDcLPpoJL0TwU2AJo+PLdX64+ksOcZDdrv3jy9W+oIpn85VWnO
-YQAQco4rn0zd2zIIj90pIoCZt3MA6hiJlaFnZ1LTRQ/qE8VVTfwsnvAkkaVsmhoU
-fDB1OCVkrg5yVgs/pTwPVQSuXARt3Fg0xYcAz5NhTil08P7DM+D1XSr4NjR9mAwz
-uwAXB3aMn+0=
+U2FsdGVkX1/284cSqdL3Tn4Yv682x+kNJ4OMUrOgaD05vJpoQ284b8Bji4PYvOYG
+UazEOc260aNPofw=

secrets/matrix/email.yaml

@@ -1,7 +1,6 @@
-U2FsdGVkX1/lMbDFKwGd30MFQm79KYXpJ39/KWo0eDhweuW6JgBZXCzIQfsgo0xZ
-Md54zBAYpQ7u+E8G8tuJtnszcFiBDV9ZPCPPCNIzZxT3X4/k3Z/BJrBz8n8tIiLI
-zB+aECv9WZfUfposKAUAVHXnjTQAQcJHArPH3+wEAhxU7Ck6CoPzWQi7jPqP7KbT
-V8wTTGUbRUA+PGGur7D8z+Eg9Jr+Uj/3N/bOtMxLAvTcJDiJ7LqEkSG7tBJvx1gx
-gXk9BQZ6ZWZ9z2DS3AITRXakiJ85o1cUf6eVjtgmTfpzN6E5TL3nsNHpBxsZEjmM
-sJs4945wvrMzLCmraXzoqIXONEDhZtDaRxI2go3SKep6t2m6fRyiw2tb39X8FHO5
-cL2KstGwC7aH82Y/5r3bV94eSdObuCMUxmbM659bILok05kWM8DYbA==
+U2FsdGVkX19+JQDp/hdBBgL5TR0tiYujBpbUQ3e7ArhQI9xbGKeRiKi4Bk4tw8rV
+MrxwU3Fk95sY75vsnU3uvkMSo6KFVbiOLiGTiFwnT3gwwHWKem1yxJCLmxcP+h4G
+SGu8lcGpM4ZUy2yAnt7WowyzQiYmO0Vp8xP1RCmH0z2UdcDhqZB9LjKgEnpVSC4I
+i5Se0fX9PB5/oWMCc0kPX9XYz0+/hPlgzcbaS6GT8mN0o08rHtMhN2gvV/xlONZ4
+V0JXg7SYuTXz8cRtjLIr3sIwCOU+uBqrIHHvtjFclto0/zsFtfa00FomIMFDCv40
+UHE2e7HJc4EXQT55QlcIbL4PdtxTI5gp+Id+eSI6vZF+dPWHKYO4Ug==