| author | Mel <einebeere@gmail.com> | 2024-12-15 22:53:04 +0100 |
|---|---|---|
| committer | Mel <einebeere@gmail.com> | 2024-12-15 22:53:04 +0100 |
| commit | 3700b0489942a4b22025e71778a5572069451437 (patch) | |
| tree | e217fcbd17ac5ca26326084f65cc4f5f98c617e3 | |
| parent | f1333608a54a3c6255d996844645f99a433ace94 (diff) | |
Deploy conduwuit as new Matrix homeserver
Signed-off-by: Mel <einebeere@gmail.com>
| -rw-r--r-- | machines/lapin/default.nix | 11 | ||||
| -rw-r--r-- | secrets/conduwuit-registration-token.age | bin | 0 -> 587 bytes | |||
| -rw-r--r-- | secrets/secrets.nix | 4 | ||||
| -rw-r--r-- | services/conduwuit.nix | 68 |
4 files changed, 73 insertions, 10 deletions
diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix index 3178a1d..2e21328 100644 --- a/machines/lapin/default.nix +++ b/machines/lapin/default.nix @@ -9,7 +9,7 @@ ../../modules/www.nix - ../../services/dendrite.nix + ../../services/conduwuit.nix ../../services/pds.nix ../../services/akkoma ]; @@ -39,15 +39,6 @@ }; }; - "matrix.rnrd.eu" = { - forceSSL = true; - enableACME = true; - - locations."/_matrix" = { - proxyPass = "http://127.0.0.1:8008"; - }; - }; - "pds.rnrd.eu" = { serverAliases = [ "*.pds.rnrd.eu" ]; forceSSL = true; diff --git a/secrets/conduwuit-registration-token.age b/secrets/conduwuit-registration-token.age new file mode 100644 index 0000000..3f2761d --- /dev/null +++ b/secrets/conduwuit-registration-token.age Binary files differdiff --git a/secrets/secrets.nix b/secrets/secrets.nix index 22c7a91..604ca1e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,5 +14,9 @@ in lapin ] ++ allAdmins; + "conduwuit-registration-token.age".publicKeys = [ + lapin + ] ++ allAdmins; + "password.age".publicKeys = allSystems ++ allAdmins; } diff --git a/services/conduwuit.nix b/services/conduwuit.nix new file mode 100644 index 0000000..af59f7f --- /dev/null +++ b/services/conduwuit.nix 
@@ -0,0 +1,68 @@
+{ config, pkgs, auxiliaryPkgs, ... }:
+
+let
+ inherit (pkgs) conduwuit dockerTools;
+ inherit (auxiliaryPkgs) common;
+
+ conduwuitLocalPort = 2123;
+ conduwuitDir = "/srv/conduwuit";
+
+ conduwuitImage = dockerTools.streamLayeredImage {
+ name = "conduwuit";
+ tag = conduwuit.version;
+ fromImage = common.alpine.base;
+
+ contents = [ conduwuit ];
+ };
+
+in
+{
+ age.secrets.conduwuit-registration-token = {
+ file = ../secrets/conduwuit-registration-token.age;
+ };
+
+ foundation.service.conduwuit = {
+ conduwuit = {
+ image = conduwuitImage;
+ ports = [ conduwuitLocalPort ];
+
+ volumes = [
+ [ "${conduwuitDir}/db" "/var/lib/conduwuit" ]
+ [ "${conduwuitDir}/conduwuit.toml" "/etc/conduwuit/conduwuit.toml" ]
+ [
+ "${config.age.secrets.conduwuit-registration-token.path}"
+ "/etc/conduwuit/registration-itoken"
+ ]
+ ];
+
+ environment = {
+ CONDUWUIT_CONFIG = "/etc/conduwuit/conduwuit.toml";
+ };
+
+ entrypoint = "${conduwuit}/bin/conduit";
+ };
+ };
+
+ services.nginx.virtualHosts = {
+ "matrix.rnrd.eu" = let
+ proxySettings = { proxyPass = "http://127.0.0.1:${toString conduwuitLocalPort}"; };
+ in
+ {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = proxySettings;
+ locations."/_matrix" = proxySettings;
+ locations."/_conduwuit" = proxySettings;
+
+ extraConfig = ''
+ client_max_body_size 20M;
+
+ proxy_connect_timeout 600;
+ proxy_send_timeout 600;
+ proxy_read_timeout 600;
+ send_timeout 600;
+ '';
+ };
+ };
+}
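Review bot: The registration-token secret is bind-mounted at `/etc/conduwuit/registration-itoken`, which looks like a typo for `registration-token`. The `conduwuit.toml` that has to reference this path is mounted from `/srv/conduwuit` and is not part of the commit, so it cannot be checked here; if its `registration_token_file` uses the intended spelling, the server will not find the token, and whether registration then fails closed depends on settings that are not visible. I would change the mount target to `"/etc/conduwuit/registration-token"` and add a comment above that volume entry, e.g. `# must match registration_token_file in conduwuit.toml`. Separately, `locations."/" = proxySettings;` already forwards every path on `matrix.rnrd.eu` to the homeserver, which makes the `/_matrix` and `/_conduwuit` entries redundant; if nothing else needs to be served from the root, dropping `"/"` would keep the exposed surface to those two prefixes.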
