2022-10-22 21:28:14 +01:00
5 changed files with 104 additions and 19 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -8,6 +8,7 @@
    "${modulesPath}/profiles/headless.nix"
    (import ../modules)

+    ./services/conduit.nix
    ./services/gitea.nix
    ./services/nextcloud.nix
    ./services/webserver.nix
@ -49,7 +50,17 @@
    useDHCP = false;
    interfaces.eth0.useDHCP = true;

-    firewall.allowedTCPPorts = [80 443 2222 21025];
+    firewall.allowedTCPPorts = [
+      # http
+      80
+      443
+      # ssh
+      2222
+      # matrix
+      8448
+      # starbound
+      21025
+    ];
  };

  time.timeZone = "Europe/London";
--- a/configuration/services/conduit.nix
+++ b/configuration/services/conduit.nix
@ -0,0 +1,53 @@
+{config, ...}: let
+  cfg = config.services.matrix-conduit;
+  domain = "matrix.${config.services.nginx.domain}";
+in {
+  services.matrix-conduit = {
+    enable = true;
+    settings.global = {
+      address = "127.0.0.1";
+      server_name = domain;
+      database_backend = "rocksdb";
+    };
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    enableACME = true;
+
+    listen = [
+      {
+        addr = "0.0.0.0";
+        port = 443;
+        ssl = true;
+      }
+      {
+        addr = "[::0]";
+        port = 443;
+        ssl = true;
+      }
+      {
+        addr = "0.0.0.0";
+        port = 8448;
+        ssl = true;
+      }
+      {
+        addr = "[::0]";
+        port = 8488;
+        ssl = true;
+      }
+    ];
+
+    addSSL = true;
+    extraConfig = ''
+      merge_slashes off;
+    '';
+
+    locations."/_matrix" = {
+      proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
+      # Recommended by conduit
+      extraConfig = ''
+        proxy_buffering off;
+      '';
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -289,6 +289,22 @@
        "type": "github"
      }
    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1666424192,
+        "narHash": "sha256-rb/a7Kg9s31jqkvdOQHFrUc5ig5kB+O2ZKB8mjU2kW8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "4f8287f3d597c73b0d706cfad028c2d51821f64d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1665466769,
@ -390,6 +406,7 @@
      "inputs": {
        "deploy-rs": "deploy-rs",
        "nixpkgs": "nixpkgs_2",
+        "nixpkgs-unstable": "nixpkgs-unstable",
        "nvfetcher": "nvfetcher",
        "sops-nix": "sops-nix",
        "tlaternet-webserver": "tlaternet-webserver"
--- a/flake.nix
+++ b/flake.nix
@ -3,6 +3,7 @@

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    sops-nix = {
      url = "github:Mic92/sops-nix";
@ -21,6 +22,7 @@
  outputs = {
    self,
    nixpkgs,
+    nixpkgs-unstable,
    sops-nix,
    nvfetcher,
    deploy-rs,
@ -66,7 +68,7 @@
    # Helper functions #
    ####################
    lib = import ./lib {
-      inherit nixpkgs sops-nix tlaternet-webserver;
+      inherit nixpkgs nixpkgs-unstable sops-nix tlaternet-webserver;
      lib = nixpkgs.lib;
    };

@ -86,6 +88,7 @@
          "2222" = "2222";
          "3080" = "80";
          "3443" = "443";
+          "8448" = "8448"; # Matrix
          "21025" = "21025"; # Starbound
        };
      in {
@ -111,22 +114,15 @@
    ###########################
    # Development environment #
    ###########################
-    devShells.${system}.default = let
-      inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key;
-      deploy-rs-bin = deploy-rs.packages.${system}.default;
-      pkgs = nixpkgs.legacyPackages.${system};
-    in
-      nixpkgs.legacyPackages.${system}.mkShell {
+    devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
      sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
      nativeBuildInputs = [
-          sops-import-keys-hook
+        sops-nix.packages.${system}.sops-import-keys-hook
      ];

-        packages = with pkgs; [
-          nixfmt
-          git-lfs
-          sops-init-gpg-key
-          deploy-rs-bin
+      packages = [
+        sops-nix.packages.${system}.sops-init-gpg-key
+        deploy-rs.packages.${system}.default
      ];
    };
  };
--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,6 +1,7 @@
 {
  lib,
  nixpkgs,
+  nixpkgs-unstable,
  sops-nix,
  tlaternet-webserver,
 }: let
@ -24,6 +25,13 @@ in {
          sops-nix.nixosModules.sops
          tlaternet-webserver.nixosModules.default
          (import ../configuration)
+          {
+            nixpkgs.overlays = [
+              (self: super: {
+                matrix-conduit = nixpkgs-unstable.legacyPackages.${system}.matrix-conduit;
+              })
+            ];
+          }
        ]
        ++ extraModules;
    };