migrate matrix to new domain

Michele Guerini Rocco 2024-10-22 23:54:45 +02:00
parent 6038205427
commit 3ce8688070
Signed by: rnhmjoj
GPG Key ID: BFBAF4C975F76450
6 changed files with 32 additions and 73 deletions


@ -174,20 +174,16 @@
group = "maxwell-eurofusion-eu"; group = "maxwell-eurofusion-eu";
}; };
certs."maxwell.ydns.eu" = { certs."eurofusion.eu" = {
group = "maxwell-ydns-eu"; group = "eurofusion-eu";
}; };
certs."riot.maxwell.ydns.eu" = {
group = "riot-maxwell-ydns-eu";
};
}; };
# Allow read access to ACME certificate # Allow read access to ACME certificate
# to specific (service) users. # to specific (service) users.
users.groups."maxwell-eurofusion-eu".members = [ "murmur" "nginx" ]; users.groups."maxwell-eurofusion-eu".members = [ "murmur" "nginx" ];
users.groups."maxwell-ydns-eu".members = [ "nginx" ]; users.groups."eurofusion-eu".members = [ "nginx" ];
users.groups."riot-maxwell-ydns-eu".members = [ "nginx" ];
services.openssh = { services.openssh = {
@ -281,7 +277,7 @@
service.EMAIL_DOMAIN_BLOCKLIST = "gmail.com"; service.EMAIL_DOMAIN_BLOCKLIST = "gmail.com";
# allow the notify webhook to use matrix # allow the notify webhook to use matrix
webhook.ALLOWED_HOST_LIST = "maxwell.ydns.eu"; webhook.ALLOWED_HOST_LIST = "maxwell.eurofusion.eu";
}; };
}; };
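Review bot: The webhook allow-list in the second hunk writes the host as the literal `"maxwell.eurofusion.eu"`, while other files in this commit derive the Matrix host from `config.var.hostname`. If the two are meant to be the same value and `config` is in scope in this module (neither is visible here), `webhook.ALLOWED_HOST_LIST = config.var.hostname;` keeps the list in step with the next rename. That way the notify webhook is not silently blocked, and the allow-list never keeps naming a host the server no longer controls. Restricting the list to this one host is the right scope. The enclosing attribute set starts and ends outside the hunk.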


@ -73,8 +73,8 @@ in {
# Scripts # Scripts
AUTO_KILL_ON_UPDATE = "1"; AUTO_KILL_ON_UPDATE = "1";
AUTO_INFORM_ON_START = "!kvLvoCovzInhiablSq:maxwell.ydns.eu"; AUTO_INFORM_ON_START = "!XQJXsOXfTevAiEbDTA:eurofusion.eu";
ADMIN_ROOM = "!kvLvoCovzInhiablSq:maxwell.ydns.eu"; ADMIN_ROOM = "!XQJXsOXfTevAiEbDTA:eurofusion.eu";
REV_REMOTE_HOST = "proxy@rnhmjoj.ydns.eu"; REV_REMOTE_HOST = "proxy@rnhmjoj.ydns.eu";
REV_REMOTE_PORT = "22"; REV_REMOTE_PORT = "22";
REV_KEY = "~/.ssh/proxy"; REV_KEY = "~/.ssh/proxy";
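Review bot: `AUTO_INFORM_ON_START` and `ADMIN_ROOM` carry the same room id as two separate literals, so a later migration can update one and miss the other. Binding it once in the `let` that precedes `in {`, for example `adminRoom = "!XQJXsOXfTevAiEbDTA:eurofusion.eu";`, and referencing it from both settings removes that risk. The name suggests this room is where administrative commands are accepted (inferred, since the consumer is not visible). If so, a comment such as `# room must stay invite-only: its members can drive the admin scripts` would record the assumption the new room has to satisfy. The attribute set continues outside the hunk.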


@ -1,45 +1,20 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with config.var;
let let
homeserver = "maxwell.ydns.eu"; domain = "eurofusion.eu";
### Element (Riot) configuration
conf = with config.var; {
default_server_config."m.homeserver" =
{ base_url = "https://${homeserver}";
server_name = "Maxwell";
};
default_server_config."m.identity_server" =
{ base_url = "https://matrix.org"; };
roomDirectory.servers = [ "matrix.org" homeserver ];
brand = "Maxwell matrix";
defaultCountryCode = "IT";
showLabsSettings = true;
# Use a trusted Jitsi instance
jitsi.preferredDomain = "jitsi.openspeed.org";
jitsi.externalApiUrl = "https://jitsi.openspeed.org/libs/external_api.min.js";
};
in in
{ {
# Fallback DNS records
networking.hosts = with config.var;
{ ${ipv4WanAddress} = [ homeserver ];
${ipv6Address} = [ homeserver ];
};
### Reverse proxy locations ### Reverse proxy locations
services.nginx.virtualHosts.${homeserver} =
# Setup for well-known on the bare domain
services.nginx.virtualHosts.${domain} =
let let
client = client =
{ "m.homeserver" = { "base_url" = "https://${homeserver}"; }; { "m.homeserver" = { "base_url" = "https://${config.var.hostname}"; };
"m.identity_server" = { "base_url" = "https://matrix.org"; }; "m.identity_server" = { "base_url" = "https://matrix.org"; };
}; };
server = { "m.server" = "${homeserver}:443"; }; server = { "m.server" = "${config.var.hostname}:443"; };
in in
{ {
enableACME = true; enableACME = true;
@ -58,28 +33,20 @@ in
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}'; return 200 '${builtins.toJSON client}';
''; '';
# Forward matrix/admin API calls to synapse
locations."/_matrix".proxyPass = "http://localhost:8448";
locations."/_synapse".proxyPass = "http://localhost:8448";
}; };
# Forward matrix/admin API calls to synapse
### Element/Riot static location services.nginx.virtualHosts.${config.var.hostname} =
services.nginx.virtualHosts."riot.${homeserver}" = { locations."/_matrix".proxyPass = "http://localhost:8448";
{ enableACME = true; locations."/_synapse".proxyPass = "http://localhost:8448";
forceSSL = true; };
locations."/" =
{ index = "index.html";
alias = (pkgs.element-web.override { inherit conf; }) + "/";
};
};
### Homeserver ### Homeserver
services.matrix-synapse.enable = true; services.matrix-synapse.enable = true;
services.matrix-synapse.settings = { services.matrix-synapse.settings = {
server_name = homeserver; server_name = domain;
public_baseurl = "https://${config.var.hostname}/";
# Bind on localhost and used a reverse proxy # Bind on localhost and used a reverse proxy
listeners = [ listeners = [
@ -128,6 +95,7 @@ in
expire_access_token = true; expire_access_token = true;
event_cache_size = "2K"; event_cache_size = "2K";
max_upload_size = "1000M"; max_upload_size = "1000M";
dynamic_thumbnails = true;
# bridges configuration # bridges configuration
app_service_config_files = app_service_config_files =
@ -187,8 +155,8 @@ in
require = true; require = true;
}; };
permissions = permissions =
{ "maxwell.ydns.eu" = "user"; { "eurofusion.eu" = "user";
"@rnhmjoj:maxwell.ydns.eu" = "admin"; "@rnhmjoj:eurofusion.eu" = "admin";
}; };
relay.enabled = false; relay.enabled = false;
mute_bridging = true; mute_bridging = true;
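Review bot: The new `${config.var.hostname}` virtual host forwards the whole `/_synapse` prefix to Synapse, which includes the `/_synapse/admin` API. Assuming the listener on port 8448 serves the client resource, the admin endpoints stay reachable from the public side of the proxy, guarded only by an access token. Synapse's reverse-proxy guidance is to forward `/_matrix` and `/_synapse/client` only, so replace the line with `locations."/_synapse/client".proxyPass = "http://localhost:8448";`. Admin tooling run on the host can talk to `localhost:8448` directly. The hunk also shows no `forceSSL` or certificate setting on this virtual host; if they are not set in a part of the file outside the hunk, they belong next to these locations.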


@ -5,7 +5,7 @@
(self: super: (self: super:
{ maxwell-notify = self.callPackage ./custom/packages/maxwell-notify.nix { maxwell-notify = self.callPackage ./custom/packages/maxwell-notify.nix
{ homeserver = "https://${config.var.hostname}/_matrix/client/r0"; { homeserver = "https://${config.var.hostname}/_matrix/client/r0";
roomId = "!FsUSHSNMPMVTFFcvJo:maxwell.ydns.eu"; roomId = "!mKSxsQWEtUvOBTfjDU:eurofusion.eu";
authToken = config.secrets.passwords.matrix; authToken = config.secrets.passwords.matrix;
}; };
@ -28,6 +28,7 @@
# admin # admin
dnsutils dnsutils
matrix-synapse matrix-synapse
matrix-synapse-tools.synadm
maxwell-notify maxwell-notify
smartmontools smartmontools
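Review bot: `authToken = config.secrets.passwords.matrix` in the first hunk hands the Matrix access token to `callPackage` as a build input. If `maxwell-notify.nix` interpolates it into the generated script (the package is not visible here), the token is written to the world-readable Nix store, where any local account can read it. Passing the path of a root-owned file and reading the token at run time avoids that. At minimum, a comment such as `# NOTE: authToken is embedded in the store path of maxwell-notify; rotate it if the store is shared` would make the exposure explicit. The overlay function starts and ends outside the hunk.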


@ -1,7 +1,2 @@
U2FsdGVkX1+asRsSHeh0/QMEflP9kIgC9Fz6cYDcej5HWQZmPkAemCfoFLV5TkuI U2FsdGVkX1/284cSqdL3Tn4Yv682x+kNJ4OMUrOgaD05vJpoQ284b8Bji4PYvOYG
1hyzwwhvOtZWdBBDdMi9dG2x5m+/fdVIPpMHb9gc7aGuiudXW2uuPIEve9Z4HaTp UazEOc260aNPofw=
Do6VX/9NTnzRNLZAaFpoBob3r+GF36NJ0tLzaM2VaR/emo0wPkm/0/v3nq/vUZCB
xCOM7sG2MAQU/3FDcLPpoJL0TwU2AJo+PLdX64+ksOcZDdrv3jy9W+oIpn85VWnO
YQAQco4rn0zd2zIIj90pIoCZt3MA6hiJlaFnZ1LTRQ/qE8VVTfwsnvAkkaVsmhoU
fDB1OCVkrg5yVgs/pTwPVQSuXARt3Fg0xYcAz5NhTil08P7DM+D1XSr4NjR9mAwz
uwAXB3aMn+0=


@ -1,7 +1,6 @@
U2FsdGVkX1/lMbDFKwGd30MFQm79KYXpJ39/KWo0eDhweuW6JgBZXCzIQfsgo0xZ U2FsdGVkX19+JQDp/hdBBgL5TR0tiYujBpbUQ3e7ArhQI9xbGKeRiKi4Bk4tw8rV
Md54zBAYpQ7u+E8G8tuJtnszcFiBDV9ZPCPPCNIzZxT3X4/k3Z/BJrBz8n8tIiLI MrxwU3Fk95sY75vsnU3uvkMSo6KFVbiOLiGTiFwnT3gwwHWKem1yxJCLmxcP+h4G
zB+aECv9WZfUfposKAUAVHXnjTQAQcJHArPH3+wEAhxU7Ck6CoPzWQi7jPqP7KbT SGu8lcGpM4ZUy2yAnt7WowyzQiYmO0Vp8xP1RCmH0z2UdcDhqZB9LjKgEnpVSC4I
V8wTTGUbRUA+PGGur7D8z+Eg9Jr+Uj/3N/bOtMxLAvTcJDiJ7LqEkSG7tBJvx1gx i5Se0fX9PB5/oWMCc0kPX9XYz0+/hPlgzcbaS6GT8mN0o08rHtMhN2gvV/xlONZ4
gXk9BQZ6ZWZ9z2DS3AITRXakiJ85o1cUf6eVjtgmTfpzN6E5TL3nsNHpBxsZEjmM V0JXg7SYuTXz8cRtjLIr3sIwCOU+uBqrIHHvtjFclto0/zsFtfa00FomIMFDCv40
sJs4945wvrMzLCmraXzoqIXONEDhZtDaRxI2go3SKep6t2m6fRyiw2tb39X8FHO5 UHE2e7HJc4EXQT55QlcIbL4PdtxTI5gp+Id+eSI6vZF+dPWHKYO4Ug==
cL2KstGwC7aH82Y/5r3bV94eSdObuCMUxmbM659bILok05kWM8DYbA==