From 3700b0489942a4b22025e71778a5572069451437 Mon Sep 17 00:00:00 2001 From: Mel Date: Sun, 15 Dec 2024 22:53:04 +0100 Subject: Deploy conduwuit as new Matrix homeserver Signed-off-by: Mel --- machines/lapin/default.nix | 11 +---- secrets/conduwuit-registration-token.age | Bin 0 -> 587 bytes secrets/secrets.nix | 4 ++ services/conduwuit.nix | 68 +++++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 10 deletions(-) create mode 100644 secrets/conduwuit-registration-token.age create mode 100644 services/conduwuit.nix diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix index 3178a1d..2e21328 100644 --- a/machines/lapin/default.nix +++ b/machines/lapin/default.nix @@ -9,7 +9,7 @@ ../../modules/www.nix - ../../services/dendrite.nix + ../../services/conduwuit.nix ../../services/pds.nix ../../services/akkoma ]; @@ -39,15 +39,6 @@ }; }; - "matrix.rnrd.eu" = { - forceSSL = true; - enableACME = true; - - locations."/_matrix" = { - proxyPass = "http://127.0.0.1:8008"; - }; - }; - "pds.rnrd.eu" = { serverAliases = [ "*.pds.rnrd.eu" ]; forceSSL = true; diff --git a/secrets/conduwuit-registration-token.age b/secrets/conduwuit-registration-token.age new file mode 100644 index 0000000..3f2761d Binary files /dev/null and b/secrets/conduwuit-registration-token.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 22c7a91..604ca1e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,5 +14,9 @@ in lapin ] ++ allAdmins; + "conduwuit-registration-token.age".publicKeys = [ + lapin + ] ++ allAdmins; + "password.age".publicKeys = allSystems ++ allAdmins; } diff --git a/services/conduwuit.nix b/services/conduwuit.nix new file mode 100644 index 0000000..af59f7f --- /dev/null +++ b/services/conduwuit.nix 
@@ -0,0 +1,68 @@
+{ config, pkgs, auxiliaryPkgs, ... }:
+
+let
+ inherit (pkgs) conduwuit dockerTools;
+ inherit (auxiliaryPkgs) common;
+
+ conduwuitLocalPort = 2123;
+ conduwuitDir = "/srv/conduwuit";
+
+ conduwuitImage = dockerTools.streamLayeredImage {
+ name = "conduwuit";
+ tag = conduwuit.version;
+ fromImage = common.alpine.base;
+
+ contents = [ conduwuit ];
+ };
+
+in
+{
+ age.secrets.conduwuit-registration-token = {
+ file = ../secrets/conduwuit-registration-token.age;
+ };
+
+ foundation.service.conduwuit = {
+ conduwuit = {
+ image = conduwuitImage;
+ ports = [ conduwuitLocalPort ];
+
+ volumes = [
+ [ "${conduwuitDir}/db" "/var/lib/conduwuit" ]
+ [ "${conduwuitDir}/conduwuit.toml" "/etc/conduwuit/conduwuit.toml" ]
+ [
+ "${config.age.secrets.conduwuit-registration-token.path}"
+ "/etc/conduwuit/registration-itoken"
+ ]
+ ];
+
+ environment = {
+ CONDUWUIT_CONFIG = "/etc/conduwuit/conduwuit.toml";
+ };
+
+ entrypoint = "${conduwuit}/bin/conduit";
+ };
+ };
+
+ services.nginx.virtualHosts = {
+ "matrix.rnrd.eu" = let
+ proxySettings = { proxyPass = "http://127.0.0.1:${toString conduwuitLocalPort}"; };
+ in
+ {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = proxySettings;
+ locations."/_matrix" = proxySettings;
+ locations."/_conduwuit" = proxySettings;
+
+ extraConfig = ''
+ client_max_body_size 20M;
+
+ proxy_connect_timeout 600;
+ proxy_send_timeout 600;
+ proxy_read_timeout 600;
+ send_timeout 600;
+ '';
+ };
+ };
+}
-- cgit 1.4.1
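Review bot: The registration token is bind-mounted at `/etc/conduwuit/registration-itoken` in the `volumes` list, which looks like a typo for `registration-token`. `conduwuit.toml` is mounted from `${conduwuitDir}` on the host and is not part of this commit, so the path the server reads the token from cannot be checked here; if it names `/etc/conduwuit/registration-token`, the file will not be found, and what the server then does about registration should be confirmed before it goes live. I would change the target to `"/etc/conduwuit/registration-token"` and put a comment above the `conduwuit.toml` mount such as `# hand-managed on the host, not generated from this repo`, so a reader knows the registration settings live outside the reviewed tree. Separately, `locations."/" = proxySettings;` forwards every path on `matrix.rnrd.eu` to the homeserver, which is wider than the `/_matrix`-only proxy removed from `machines/lapin/default.nix` and makes the two narrower locations redundant. Unless conduwuit has to serve something at the root (for example `.well-known` delegation), dropping `/` keeps the exposed surface to the Matrix endpoints.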