migrate everyhing possible to eurofusion.eu

Michele Guerini Rocco 2024-10-12 20:08:33 +02:00
parent 9e45e1a241
commit ba0efae5ff
Signed by: rnhmjoj
GPG Key ID: BFBAF4C975F76450
5 changed files with 32 additions and 14 deletions


@ -166,22 +166,27 @@
];
### ACME certificates
security.acme = with config.var; {
security.acme = {
defaults.email = "rnhmjoj@inventati.org";
acceptTerms = true;
certs."${hostname}" = {
certs."maxwell.eurofusion.eu" = {
group = "maxwell-eurofusion-eu";
};
certs."maxwell.ydns.eu" = {
group = "maxwell-ydns-eu";
};
certs."riot.${hostname}" = {
certs."riot.maxwell.ydns.eu" = {
group = "riot-maxwell-ydns-eu";
};
};
# Allow read access to ACME certificate
# to specific (service) users.
users.groups."maxwell-ydns-eu".members = [ "murmur" "nginx" ];
users.groups."maxwell-eurofusion-eu".members = [ "murmur" "nginx" ];
users.groups."maxwell-ydns-eu".members = [ "nginx" ];
users.groups."riot-maxwell-ydns-eu".members = [ "nginx" ];
@ -352,6 +357,7 @@
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
appendHttpConfig = disableLog;
# Large enough to allow file uploads.
clientMaxBodySize = "1000M";
@ -363,7 +369,7 @@
enableACME = true;
forceSSL = true;
default = true;
extraConfig = disableLog + enableSTS;
extraConfig = enableSTS;
# Returns IP address
locations."/ip".extraConfig = ''
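Review bot: Moving `disableLog` from the default virtual host's `extraConfig` to `appendHttpConfig` applies it at the http level, so it now covers every virtual host of this nginx instead of one. Its definition is not visible here; if it switches access logging off, the Matrix reverse proxy and the Element site lose their request records too, and those are the main data source when investigating abuse or a suspected compromise. If that is intended, record it next to the option, e.g. `# Deliberate: request logging is off for every vhost, not only the default one`, and check that error logging is still enabled. The enclosing nginx attribute set starts and ends outside these hunks.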


@ -3,15 +3,17 @@
with config.var;
let
homeserver = "maxwell.ydns.eu";
### Element (Riot) configuration
conf = with config.var; {
default_server_config."m.homeserver" =
{ base_url = "https://${hostname}";
{ base_url = "https://${homeserver}";
server_name = "Maxwell";
};
default_server_config."m.identity_server" =
{ base_url = "https://matrix.org"; };
roomDirectory.servers = [ "matrix.org" hostname ];
roomDirectory.servers = [ "matrix.org" homeserver ];
brand = "Maxwell matrix";
defaultCountryCode = "IT";
@ -24,16 +26,25 @@ let
in
{
# Fallback DNS records
networking.hosts = with config.var;
{ ${ipv4WanAddress} = [ homeserver ];
${ipv6Address} = [ homeserver ];
};
### Reverse proxy locations
services.nginx.virtualHosts."${config.var.hostname}" =
services.nginx.virtualHosts.${homeserver} =
let
client =
{ "m.homeserver" = { "base_url" = "https://${config.var.hostname}"; };
{ "m.homeserver" = { "base_url" = "https://${homeserver}"; };
"m.identity_server" = { "base_url" = "https://matrix.org"; };
};
server = { "m.server" = "${config.var.hostname}:443"; };
server = { "m.server" = "${homeserver}:443"; };
in
{
enableACME = true;
forceSSL = true;
# Needed for matrix federation
locations."/.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json;
@ -55,7 +66,7 @@ in
### Element/Riot static location
services.nginx.virtualHosts."riot.${config.var.hostname}" =
services.nginx.virtualHosts."riot.${homeserver}" =
{ enableACME = true;
forceSSL = true;
locations."/" =
@ -68,7 +79,7 @@ in
### Homeserver
services.matrix-synapse.enable = true;
services.matrix-synapse.settings = {
server_name = config.var.hostname;
server_name = homeserver;
# Bind on localhost and used a reverse proxy
listeners = [
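Review bot: The Matrix virtual host, now keyed by `homeserver`, sets `enableACME` and `forceSSL` but no `extraConfig`, so it probably no longer carries whatever `enableSTS` adds. Before this change it was named `config.var.hostname`; if that is also the name of the default virtual host in the main configuration, the two definitions were merged and shared `extraConfig = disableLog + enableSTS` (inferred, the default host's name is outside the visible hunks). If `enableSTS` is the Strict-Transport-Security header, add it here as well, e.g. `extraConfig = "add_header Strict-Transport-Security 'max-age=<seconds>' always;";`. Note that nginx drops inherited `add_header` lines inside a location that declares its own, as the `/.well-known/matrix/server` block does. The attribute set continues past the end of the hunk.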


@ -12,6 +12,7 @@
# Configures the bit. zone
resolveNamecoin = true;
dns.port = 54;
settings.export-etc-hosts = true;
};
# Public DNS resolver
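Review bot: `settings.export-etc-hosts = true` makes this resolver answer with every entry of /etc/hosts, not only the fallback records for the homeserver that this commit adds. If the public resolver configured right below forwards to this instance on port 54 (not visible here), any LAN-only name later placed in `networking.hosts` would be answered to outside clients as well. A comment on the line would record that, e.g. `# Serves networking.hosts as DNS answers; keep internal-only names out of it`. The enclosing attribute set starts outside the hunk.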


@ -2,7 +2,7 @@
let
frameline = pkgs.callPackage (pkgs.fetchFromGitea
{ domain = "maxwell.ydns.eu/git";
{ domain = "maxwell.eurofusion.eu/git";
owner = "rnhmjoj";
repo = "nvim-frameline";
rev = "v0.1.0";


@ -9,7 +9,7 @@
type = lib.types.attrs;
readOnly = true;
default = {
hostname = "maxwell.ydns.eu";
hostname = "maxwell.eurofusion.eu";
ipv4WanAddress = "2.35.5.112";
ipv4LanAddress = "192.168.1.5";
ipv6Address = "2001:470:b576:0:230:48ff:fefa:91e1";