diff --git a/configuration.nix b/configuration.nix index 01ee76f..6bf91c8 100644 --- a/configuration.nix +++ b/configuration.nix @@ -166,22 +166,27 @@ ]; ### ACME certificates - security.acme = with config.var; { + security.acme = { defaults.email = "rnhmjoj@inventati.org"; acceptTerms = true; - certs."${hostname}" = { + certs."maxwell.eurofusion.eu" = { + group = "maxwell-eurofusion-eu"; + }; + + certs."maxwell.ydns.eu" = { group = "maxwell-ydns-eu"; }; - certs."riot.${hostname}" = { + certs."riot.maxwell.ydns.eu" = { group = "riot-maxwell-ydns-eu"; }; }; # Allow read access to ACME certificate # to specific (service) users. - users.groups."maxwell-ydns-eu".members = [ "murmur" "nginx" ]; + users.groups."maxwell-eurofusion-eu".members = [ "murmur" "nginx" ]; + users.groups."maxwell-ydns-eu".members = [ "nginx" ]; users.groups."riot-maxwell-ydns-eu".members = [ "nginx" ]; @@ -352,6 +357,7 @@ recommendedTlsSettings = true; recommendedGzipSettings = true; recommendedProxySettings = true; + appendHttpConfig = disableLog; # Large enough to allow file uploads. clientMaxBodySize = "1000M"; @@ -363,7 +369,7 @@ enableACME = true; forceSSL = true; default = true; - extraConfig = disableLog + enableSTS; + extraConfig = enableSTS; # Returns IP address locations."/ip".extraConfig = '' diff --git a/matrix.nix b/matrix.nix index e5e686c..f988521 100644 --- a/matrix.nix +++ b/matrix.nix @@ -3,15 +3,17 @@ with config.var; let + homeserver = "maxwell.ydns.eu"; + ### Element (Riot) configuration conf = with config.var; { default_server_config."m.homeserver" = - { base_url = "https://${hostname}"; + { base_url = "https://${homeserver}"; server_name = "Maxwell"; }; default_server_config."m.identity_server" = { base_url = "https://matrix.org"; }; - roomDirectory.servers = [ "matrix.org" hostname ]; + roomDirectory.servers = [ "matrix.org" homeserver ]; brand = "Maxwell matrix"; defaultCountryCode = "IT"; 
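Review bot: Whether murmur can still read the certificate it actually serves cannot be confirmed from this hunk: murmur is now only in the `maxwell-eurofusion-eu` group and the `maxwell-ydns-eu` group shrinks to nginx, but murmur's own certificate path lives outside this diff, and a stale reference to the ydns cert would surface as a permission failure at the next renewal rather than at evaluation time. A comment beside the two group lines recording which service consumes which cert, e.g. `# murmur and nginx serve maxwell.eurofusion.eu; the ydns cert is only used by nginx (Matrix)`, would keep the lists in step on the next domain change. The cert names are now literals instead of `${hostname}`, so they no longer follow `config.var.hostname`; that appears intentional because the Matrix homeserver stays on ydns, but nothing in the block says so.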
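Review bot: `appendHttpConfig = disableLog;` applies `disableLog` to every server block nginx serves, including the Matrix homeserver and Element vhosts from matrix.nix, whereas before (hunk `@@ -363,7 +369,7 @@`, the other half of this move) it only affected the catch-all default host. The contents of `disableLog` are outside the diff; if it is an `access_log off` directive, the federation and client-API endpoints lose the request log you would rely on for abuse detection and incident reconstruction. If the intent was only to silence scanner noise on the default host, keeping `disableLog` in that vhost's `extraConfig` preserves logging for the named hosts; if the global scope is intended, a comment such as `# Disables access logging for ALL vhosts, including the Matrix ones` next to `appendHttpConfig` would make that deliberate.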
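Review bot: `homeserver = "maxwell.ydns.eu";` is introduced without stating why it stays on the old domain while `config.var.hostname` moves to maxwell.eurofusion.eu; since Synapse's `server_name` (set from this binding in hunk `@@ -68,7 +79,7 @@`) is embedded in every user and room ID, the value must never change for an existing homeserver, and a comment saying so would stop a later cleanup from pointing it at `hostname`. Suggested: `# Matrix server_name is permanent once federated: keep the historical domain even though the host has moved.` The same literal is repeated as a certificate name and a group name in configuration.nix, so a single `config.var` entry next to `hostname` would let vhost, cert and group reference one value. In the visible lines `conf = with config.var; {` no longer uses anything from `config.var`, so the inner `with` can probably be dropped, though the rest of `conf` is outside the hunk.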
@@ -24,16 +26,25 @@ let in { + # Fallback DNS records + networking.hosts = with config.var; + { ${ipv4WanAddress} = [ homeserver ]; + ${ipv6Address} = [ homeserver ]; + }; + ### Reverse proxy locations - services.nginx.virtualHosts."${config.var.hostname}" = + services.nginx.virtualHosts.${homeserver} = let client = - { "m.homeserver" = { "base_url" = "https://${config.var.hostname}"; }; + { "m.homeserver" = { "base_url" = "https://${homeserver}"; }; "m.identity_server" = { "base_url" = "https://matrix.org"; }; }; - server = { "m.server" = "${config.var.hostname}:443"; }; + server = { "m.server" = "${homeserver}:443"; }; in { + enableACME = true; + forceSSL = true; + # Needed for matrix federation locations."/.well-known/matrix/server".extraConfig = '' add_header Content-Type application/json; @@ -55,7 +66,7 @@ in ### Element/Riot static location - services.nginx.virtualHosts."riot.${config.var.hostname}" = + services.nginx.virtualHosts."riot.${homeserver}" = { enableACME = true; forceSSL = true; locations."/" = @@ -68,7 +79,7 @@ in ### Homeserver services.matrix-synapse.enable = true; services.matrix-synapse.settings = { - server_name = config.var.hostname; + server_name = homeserver; # Bind on localhost and used a reverse proxy listeners = [ diff --git a/nameserver.nix b/nameserver.nix index 9b21501..2e280b6 100644 --- a/nameserver.nix +++ b/nameserver.nix @@ -12,6 +12,7 @@ # Configures the bit. zone resolveNamecoin = true; dns.port = 54; + settings.export-etc-hosts = true; }; # Public DNS resolver diff --git a/neovim.nix b/neovim.nix index a1c9aa9..53eab32 100644 --- a/neovim.nix +++ b/neovim.nix @@ -2,7 +2,7 @@ let frameline = pkgs.callPackage (pkgs.fetchFromGitea - { domain = "maxwell.ydns.eu/git"; + { domain = "maxwell.eurofusion.eu/git"; owner = "rnhmjoj"; repo = "nvim-frameline"; rev = "v0.1.0"; diff --git a/variables.nix b/variables.nix index 0387616..ba72186 100644 --- a/variables.nix +++ b/variables.nix 
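Review bot: The fallback `networking.hosts` entries pin the homeserver to the WAN addresses from `config.var`, and nameserver.nix in this same commit enables `export-etc-hosts`, so the local recursor will answer maxwell.ydns.eu with those addresses for every client that uses it, regardless of what the public zone says. That makes the hard-coded `ipv4WanAddress`/`ipv6Address` a second source of truth for the name: if they go stale, clients behind this resolver are sent to the wrong host while external federation keeps working, which is awkward to diagnose. A comment on the intent and the maintenance obligation would help, e.g. `# Resolves the homeserver even when the ydns record is unavailable; must be kept in sync with the public record (LAN clients will hairpin to the WAN address)`. The `services.nginx.virtualHosts` attribute set continues past the end of this hunk.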
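Review bot: `settings.export-etc-hosts = true;` publishes every `/etc/hosts` entry through the recursor, not only the homeserver fallback added in matrix.nix; if this is pdns-recursor (the `resolveNamecoin` and `dns.port` options suggest so) and the `# Public DNS resolver` block that follows the hunk forwards to it or shares its view, any LAN-only names and addresses in `/etc/hosts` (variables.nix carries a 192.168.1.5 LAN address) become enumerable by whoever can query it; that forwarding relationship is outside the diff. If only the homeserver names should be served, pointing `etc-hosts-file` at a dedicated file containing just those entries limits the exposure. Either way, a comment naming what the option is meant to expose, e.g. `# Serve the networking.hosts fallback records from matrix.nix to resolver clients`, would document the dependency between the two files.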
@@ -9,7 +9,7 @@ type = lib.types.attrs; readOnly = true; default = { - hostname = "maxwell.ydns.eu"; + hostname = "maxwell.eurofusion.eu"; ipv4WanAddress = "2.35.5.112"; ipv4LanAddress = "192.168.1.5"; ipv6Address = "2001:470:b576:0:230:48ff:fefa:91e1";
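Review bot: Changing `hostname` here silently redirects every `config.var.hostname` consumer not touched by this commit to maxwell.eurofusion.eu, while the Matrix homeserver deliberately stays on maxwell.ydns.eu through a separate literal in matrix.nix; the split is invisible from this file. A one-line comment on the field would make it explicit, e.g. `# Primary public name of the host; the Matrix server_name (matrix.nix) intentionally stays on maxwell.ydns.eu`. Adding the Matrix domain as its own entry alongside `hostname` would let configuration.nix and matrix.nix reference one value instead of repeating the literal in the cert, group and vhost definitions.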