diff options
Diffstat (limited to 'services/matrix.nix')
| -rw-r--r-- | services/matrix.nix | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/services/matrix.nix b/services/matrix.nix new file mode 100644 index 0000000..3586cc8 --- /dev/null +++ b/services/matrix.nix @@ -0,0 +1,87 @@ +{ + config, + pkgs, + unstablePkgs, + auxiliaryPkgs, + ... +}: + +let + inherit (pkgs) dockerTools; + inherit (unstablePkgs) matrix-continuwuity; + inherit (auxiliaryPkgs) common; + + continuwuityLocalPort = 2123; + continuwuityDir = "/srv/matrix"; + + continuwuityImage = dockerTools.streamLayeredImage { + name = "continuwuity"; + tag = matrix-continuwuity.version; + fromImage = common.alpine.base; + + contents = [ matrix-continuwuity ]; + }; + +in +{ + age.secrets.continuwuity-registration-token = { + file = ../secrets/continuwuity-registration-token.age; + }; + + foundation.service.continuwuity = { + continuwuity = { + image = continuwuityImage; + ports = [ continuwuityLocalPort ]; + + volumes = [ + [ + "${continuwuityDir}/db" + "/var/lib/continuwuity" + ] + [ + "${continuwuityDir}/continuwuity.toml" + "/etc/continuwuity/continuwuity.toml" + ] + [ + "${config.age.secrets.continuwuity-registration-token.path}" + "/etc/continuwuity/registration-token" + ] + ]; + + environment = { + CONDUWUIT_CONFIG = "/etc/continuwuity/continuwuity.toml"; + }; + + entrypoint = "${matrix-continuwuity}/bin/conduwuit"; + }; + }; + + services.nginx.virtualHosts = { + "matrix.rnrd.eu" = + let + proxySettings = { + proxyPass = "http://127.0.0.1:${toString continuwuityLocalPort}"; + }; + in + { + useACMEHost = "rnrd.eu"; + forceSSL = true; + + locations."/" = proxySettings; + locations."/_matrix" = proxySettings; + locations."/_conduwuit" = proxySettings; + locations."/_continuwuity" = proxySettings; + + extraConfig = '' + client_max_body_size 20M; + + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 600; + + access_log /var/log/nginx/matrix.access.log json_combined; + ''; + }; + }; +} |