loptland: init matrix server

This commit is contained in:
Christoph Hollizeck 2026-03-26 13:25:08 +01:00
parent d53de15a3f
commit ff78e01175
5 changed files with 143 additions and 2 deletions


@ -30,6 +30,9 @@ topLevel: {
forgejo
forgejo-runner
# services
matrix-synapse
# game server
minecraft-server
factorio-server


@ -50,6 +50,39 @@
};
};
"matrix.alwayssleepy.online" = lib.mkIf config.services.matrix-synapse.enable {
forceSSL = true;
useACMEHost = "alwayssleepy.online";
locations."/" = {
proxyPass = "http://localhost:${toString 8008}";
extraConfig = ''
client_max_body_size 50M;
'';
};
};
# .well-known Matrix delegation so Matrix IDs are @user:alwayssleepy.online
"alwayssleepy.online" = {
forceSSL = true;
useACMEHost = "alwayssleepy.online";
locations."/.well-known/matrix/server" = {
extraConfig = ''
default_type application/json;
return 200 '{"m.server":"matrix.alwayssleepy.online:443"}';
'';
};
locations."/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
add_header 'Access-Control-Allow-Origin' '*';
return 200 '{"m.homeserver":{"base_url":"https://matrix.alwayssleepy.online"}}';
'';
};
};
"nixcache.${domainName}" = lib.mkIf config.services.nix-serve.enable {
forceSSL = true;
useACMEHost = domainName;
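Review bot: The `locations."/"` proxy on the `matrix.alwayssleepy.online` vhost forwards every path to Synapse, so the admin API under `/_synapse/admin` is reachable from the public internet; Synapse's reverse-proxy guidance is to keep it off the public host and reach it via loopback instead. A single location entry before the catch-all, `locations."/_synapse/admin" = { extraConfig = "allow 127.0.0.1; deny all;"; proxyPass = "http://localhost:8008"; };`, keeps registration-token management working locally while refusing remote callers. Separately, the hardcoded `toString 8008` duplicates the port the new module defines as `matrixPort`; pulling it from `config.services.matrix-synapse.settings.listeners` or a shared value avoids the two drifting apart. Note that Synapse is configured with `x_forwarded = true`, so it will trust whatever `X-Forwarded-For` nginx sends — that header setup is not visible in this hunk and presumably comes from `recommendedProxySettings`; confirm it is enabled.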


@ -54,6 +54,11 @@ topLevel: {
dnsResolver = "1.1.1.1:53";
extraDomainNames = [ "*.${domainname}" ];
};
certs."alwayssleepy.online" = {
dnsResolver = "1.1.1.1:53";
extraDomainNames = [ "*.alwayssleepy.online" ];
};
};
};


@ -0,0 +1,98 @@
{
flake.modules.nixos.matrix-synapse =
{ config, ... }:
let
domainName = "alwayssleepy.online";
matrixPort = 8008;
sopsFile = ../../secrets/secrets-loptland.yaml;
in
{
sops.secrets."matrix/registrationSharedSecret" = {
inherit sopsFile;
owner = "matrix-synapse";
};
services.postgresql = {
enable = true;
ensureDatabases = [ "matrix-synapse" ];
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
];
};
# ensureDatabases creates with default collation, but Synapse requires C collation.
# This service runs after postgresql-setup (which runs ensureDatabases) and corrects
# the collation by recreating the DB if needed.
systemd.services."matrix-synapse-db-setup" = {
description = "Set up Matrix Synapse PostgreSQL database with C collation";
wantedBy = [ "matrix-synapse.service" ];
before = [ "matrix-synapse.service" ];
after = [
"postgresql.service"
"postgresql-setup.service"
];
requires = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
};
script = ''
COLLATION=$(psql -tAc "SELECT datcollate FROM pg_database WHERE datname = 'matrix-synapse'")
if [ "$COLLATION" != "C" ]; then
psql -c "DROP DATABASE \"matrix-synapse\""
psql -c "CREATE DATABASE \"matrix-synapse\" ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0 OWNER \"matrix-synapse\""
fi
'';
};
services.matrix-synapse = {
enable = true;
settings = {
server_name = domainName;
database = {
name = "psycopg2";
args.database = "matrix-synapse";
};
public_baseurl = "https://matrix.${domainName}";
listeners = [
{
port = matrixPort;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = false;
}
];
}
];
enable_registration = true;
registration_requires_token = true;
};
extraConfigFiles = [ config.sops.templates."matrix-synapse-extra.yaml".path ];
};
sops.templates."matrix-synapse-extra.yaml" = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: "${config.sops.placeholder."matrix/registrationSharedSecret"}"
'';
};
};
}
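Review bot: The `matrix-synapse-db-setup` script drops and recreates the database whenever `datcollate` is not exactly the string `C`, and because the unit is `wantedBy` matrix-synapse.service it re-evaluates on every start; once the database holds real data, any collation mismatch (a dump/restore or cluster upgrade yielding `C.UTF-8`, for example) would silently destroy all Synapse state rather than fail loudly. The recreate path should only ever run against an empty database, so check for existing tables first and abort with an error otherwise, leaving the operator to fix collation by hand. The unit also relies on `postgresql-setup.service` existing as a separate unit, which is not guaranteed across NixOS releases where `ensureDatabases` runs from `postgresql.service` itself — worth a comment or a test on the target release. The rest of the module (loopback-only listener, token-gated registration, secret via sops template) looks reasonable.

```nix
      script = ''
        COLLATION=$(psql -tAc "SELECT datcollate FROM pg_database WHERE datname = 'matrix-synapse'")
        if [ "$COLLATION" != "C" ]; then
          # Never drop a database that already contains Synapse tables; only an empty
          # freshly-ensured DB may be recreated with C collation.
          TABLES=$(psql -tAc "SELECT count(*) FROM pg_tables WHERE schemaname = 'public'" -d matrix-synapse)
          if [ "$TABLES" != "0" ]; then
            echo "matrix-synapse DB has collation '$COLLATION' and is not empty; refusing to drop it" >&2
            exit 1
          fi
          psql -c "DROP DATABASE \"matrix-synapse\""
          psql -c "CREATE DATABASE \"matrix-synapse\" ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE=template0 OWNER \"matrix-synapse\""
        fi
      '';
      # … unchanged: services.matrix-synapse settings and sops template …
```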