diff --git a/configuration/default.nix b/configuration/default.nix
index f81357b..eb9d05e 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -8,6 +8,7 @@
 "${modulesPath}/profiles/headless.nix"
 (import ../modules)
+ ./services/conduit.nix
 ./services/gitea.nix
 ./services/nextcloud.nix
 ./services/webserver.nix
@@ -49,7 +50,17 @@
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
- firewall.allowedTCPPorts = [80 443 2222 21025];
+ firewall.allowedTCPPorts = [
+ # http
+ 80
+ 443
+ # ssh
+ 2222
+ # matrix
+ 8448
+ # starbound
+ 21025
+ ];
 };
 time.timeZone = "Europe/London";
diff --git a/configuration/services/conduit.nix b/configuration/services/conduit.nix
new file mode 100644
index 0000000..e8bbb6e
--- /dev/null
+++ b/configuration/services/conduit.nix
@@ -0,0 +1,53 @@
+{config, ...}: let
+ cfg = config.services.matrix-conduit;
+ domain = "matrix.${config.services.nginx.domain}";
+in {
+ services.matrix-conduit = {
+ enable = true;
+ settings.global = {
+ address = "127.0.0.1";
+ server_name = domain;
+ database_backend = "rocksdb";
+ };
+ };
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::0]";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::0]";
+ port = 8488;
+ ssl = true;
+ }
+ ];
+ addSSL = true;
+ extraConfig = ''
+ merge_slashes off;
+ '';
+ locations."/_matrix" = {
+ proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
+ # Recommended by conduit
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index 1d6828b..7b0546e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -86,6 +86,7 @@
 "2222" = "2222";
 "3080" = "80";
 "3443" = "443";
+ "8448" = "8448"; # Matrix
 "21025" = "21025"; # Starbound
 };
 in {
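Review bot: The fourth `listen` entry in the new conduit.nix binds the IPv6 socket with `port = 8488;` rather than 8448, so Matrix federation over IPv6 never reaches nginx while `firewall.allowedTCPPorts` and the flake port map only open 8448; it should read `port = 8448;` to match the IPv4 entry directly above it. Setting `listen` explicitly overrides `addSSL = true;`, and none of the four entries is a plain port-80 listener, so the ACME http-01 challenge for `matrix.<domain>` can only succeed if some other vhost already answers for this name on port 80 — worth confirming, or adding `{ addr = "0.0.0.0"; port = 80; }` and its IPv6 twin with `ssl = false`. A short comment on the two 8448 entries, `# Matrix federation port; keep in step with firewall.allowedTCPPorts in default.nix and the flake port map`, would tie the three places together for the next change.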