migrate everything possible to eurofusion.eu

Michele Guerini Rocco 2024-10-12 20:08:33 +02:00
parent 9e45e1a241
commit ba0efae5ff
Signed by: rnhmjoj
GPG Key ID: BFBAF4C975F76450
5 changed files with 32 additions and 14 deletions


@ -166,22 +166,27 @@
]; ];
### ACME certificates ### ACME certificates
security.acme = with config.var; { security.acme = {
defaults.email = "rnhmjoj@inventati.org"; defaults.email = "rnhmjoj@inventati.org";
acceptTerms = true; acceptTerms = true;
certs."${hostname}" = { certs."maxwell.eurofusion.eu" = {
group = "maxwell-eurofusion-eu";
};
certs."maxwell.ydns.eu" = {
group = "maxwell-ydns-eu"; group = "maxwell-ydns-eu";
}; };
certs."riot.${hostname}" = { certs."riot.maxwell.ydns.eu" = {
group = "riot-maxwell-ydns-eu"; group = "riot-maxwell-ydns-eu";
}; };
}; };
# Allow read access to ACME certificate # Allow read access to ACME certificate
# to specific (service) users. # to specific (service) users.
users.groups."maxwell-ydns-eu".members = [ "murmur" "nginx" ]; users.groups."maxwell-eurofusion-eu".members = [ "murmur" "nginx" ];
users.groups."maxwell-ydns-eu".members = [ "nginx" ];
users.groups."riot-maxwell-ydns-eu".members = [ "nginx" ]; users.groups."riot-maxwell-ydns-eu".members = [ "nginx" ];
@ -352,6 +357,7 @@
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
appendHttpConfig = disableLog;
# Large enough to allow file uploads. # Large enough to allow file uploads.
clientMaxBodySize = "1000M"; clientMaxBodySize = "1000M";
@ -363,7 +369,7 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
default = true; default = true;
extraConfig = disableLog + enableSTS; extraConfig = enableSTS;
# Returns IP address # Returns IP address
locations."/ip".extraConfig = '' locations."/ip".extraConfig = ''
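Review bot: Moving `disableLog` from the default vhost's `extraConfig` to `appendHttpConfig` (second hunk) applies it to the whole `http` block, so it now affects every virtual host served by this nginx rather than only the default one. Its definition is not on this page, but if it sets `access_log off;` as the name suggests, the other vhosts lose the request records that incident response and ban or rate-limit tooling depend on. If this is a deliberate privacy choice, record it next to the line, e.g. `# Access logging is disabled for all vhosts on purpose.`; otherwise keep `disableLog` on the individual vhosts that need it. The enclosing nginx attribute set starts and ends outside the hunk.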


@ -3,15 +3,17 @@
with config.var; with config.var;
let let
homeserver = "maxwell.ydns.eu";
### Element (Riot) configuration ### Element (Riot) configuration
conf = with config.var; { conf = with config.var; {
default_server_config."m.homeserver" = default_server_config."m.homeserver" =
{ base_url = "https://${hostname}"; { base_url = "https://${homeserver}";
server_name = "Maxwell"; server_name = "Maxwell";
}; };
default_server_config."m.identity_server" = default_server_config."m.identity_server" =
{ base_url = "https://matrix.org"; }; { base_url = "https://matrix.org"; };
roomDirectory.servers = [ "matrix.org" hostname ]; roomDirectory.servers = [ "matrix.org" homeserver ];
brand = "Maxwell matrix"; brand = "Maxwell matrix";
defaultCountryCode = "IT"; defaultCountryCode = "IT";
@ -24,16 +26,25 @@ let
in in
{ {
# Fallback DNS records
networking.hosts = with config.var;
{ ${ipv4WanAddress} = [ homeserver ];
${ipv6Address} = [ homeserver ];
};
### Reverse proxy locations ### Reverse proxy locations
services.nginx.virtualHosts."${config.var.hostname}" = services.nginx.virtualHosts.${homeserver} =
let let
client = client =
{ "m.homeserver" = { "base_url" = "https://${config.var.hostname}"; }; { "m.homeserver" = { "base_url" = "https://${homeserver}"; };
"m.identity_server" = { "base_url" = "https://matrix.org"; }; "m.identity_server" = { "base_url" = "https://matrix.org"; };
}; };
server = { "m.server" = "${config.var.hostname}:443"; }; server = { "m.server" = "${homeserver}:443"; };
in in
{ {
enableACME = true;
forceSSL = true;
# Needed for matrix federation # Needed for matrix federation
locations."/.well-known/matrix/server".extraConfig = '' locations."/.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json; add_header Content-Type application/json;
@ -55,7 +66,7 @@ in
### Element/Riot static location ### Element/Riot static location
services.nginx.virtualHosts."riot.${config.var.hostname}" = services.nginx.virtualHosts."riot.${homeserver}" =
{ enableACME = true; { enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = locations."/" =
@ -68,7 +79,7 @@ in
### Homeserver ### Homeserver
services.matrix-synapse.enable = true; services.matrix-synapse.enable = true;
services.matrix-synapse.settings = { services.matrix-synapse.settings = {
server_name = config.var.hostname; server_name = homeserver;
# Bind on localhost and used a reverse proxy # Bind on localhost and used a reverse proxy
listeners = [ listeners = [
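Review bot: The Matrix virtual host is now keyed on `homeserver` (`maxwell.ydns.eu`) instead of `config.var.hostname`, so it presumably no longer merges with the default vhost in the first file and stops inheriting that vhost's `extraConfig = enableSTS;`. As far as the visible lines show, the new block sets only `enableACME` and `forceSSL`, which redirects HTTP but sends no Strict-Transport-Security header. If HSTS is still wanted for the homeserver name, add it in this vhost, for example `extraConfig = ''add_header Strict-Transport-Security "max-age=31536000" always;'';` (the max-age is an example value), or reuse `enableSTS` if it can be brought into scope here. nginx does not inherit a server-level `add_header` into locations that set their own, such as the `.well-known` ones in this vhost, whose body continues outside the hunk.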


@ -12,6 +12,7 @@
# Configures the bit. zone # Configures the bit. zone
resolveNamecoin = true; resolveNamecoin = true;
dns.port = 54; dns.port = 54;
settings.export-etc-hosts = true;
}; };
# Public DNS resolver # Public DNS resolver
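Review bot: `settings.export-etc-hosts = true` makes the resolver answer from every entry in `/etc/hosts`, not only the two fallback records this commit adds through `networking.hosts`. Any LAN-only name or address that ends up in the hosts file would then be returned to whoever is allowed to query this resolver, and the permitted client ranges are not visible in this hunk. A comment on the line would record the intent and the constraint, e.g. `# Serves all /etc/hosts entries to resolver clients; keep private names out of networking.hosts.`.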


@ -2,7 +2,7 @@
let let
frameline = pkgs.callPackage (pkgs.fetchFromGitea frameline = pkgs.callPackage (pkgs.fetchFromGitea
{ domain = "maxwell.ydns.eu/git"; { domain = "maxwell.eurofusion.eu/git";
owner = "rnhmjoj"; owner = "rnhmjoj";
repo = "nvim-frameline"; repo = "nvim-frameline";
rev = "v0.1.0"; rev = "v0.1.0";


@ -9,7 +9,7 @@
type = lib.types.attrs; type = lib.types.attrs;
readOnly = true; readOnly = true;
default = { default = {
hostname = "maxwell.ydns.eu"; hostname = "maxwell.eurofusion.eu";
ipv4WanAddress = "2.35.5.112"; ipv4WanAddress = "2.35.5.112";
ipv4LanAddress = "192.168.1.5"; ipv4LanAddress = "192.168.1.5";
ipv6Address = "2001:470:b576:0:230:48ff:fefa:91e1"; ipv6Address = "2001:470:b576:0:230:48ff:fefa:91e1";