diff options
| author | andromeda <andromeda@lenovo> | 2026-01-26 21:40:03 +0100 |
|---|---|---|
| committer | andromeda <andromeda@lenovo> | 2026-01-26 21:40:03 +0100 |
| commit | 8c0db96ca409b93313111352a2cc454281c8285e (patch) | |
| tree | 41d2050a40ae15c26334898233791eeb4b7bc455 /modules | |
| parent | 2386fea0ebfedd486e8945b19b3ff4898c29a75e (diff) | |
robot, also continuwuity, also zramrobotnix
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/nixos/matrix-conduit.nix | 82 | ||||
| -rw-r--r-- | modules/nixos/matrix-continuwuity.nix | 26 | ||||
| -rw-r--r-- | modules/nixos/matrix-synapse.nix | 65 | ||||
| -rw-r--r-- | modules/nixos/zram.nix | 8 |
4 files changed, 34 insertions, 147 deletions
diff --git a/modules/nixos/matrix-conduit.nix b/modules/nixos/matrix-conduit.nix deleted file mode 100644 index d0fdf63..0000000 --- a/modules/nixos/matrix-conduit.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ - config, - pkgs, - ... -}: let - well_known_server = pkgs.writeText "well-known-matrix-server" '' - { - "m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}" - } - ''; - well_known_client = pkgs.writeText "well-known-matrix-client" '' - { - "m.homeserver": { - "base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}" - } - ''; -in { - services.matrix-conduit = { - enable = true; - settings.global = { - server_name = "${config.networking.domain}"; - }; - }; - services.nginx = { - enable = true; - virtualHosts = { - "matrix.${config.services.matrix-conduit.settings.global.server_name}" = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - ]; - locations."/_matrix/" = { - proxyPass = "http://backend_conduit$request_uri"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_buffering off; - ''; - }; - extraConfig = '' - merge_slashes off; - ''; - }; - "${config.services.matrix-conduit.settings.global.server_name}" = { - forceSSL = true; - enableACME = true; - locations."/.well-known/matrix/server/" = { - alias = "${well_known_server}"; - extraConfig = '' - default_type application/json; - ''; - }; - locations."/.well-known/matrix/client/" = { - alias = "${well_known_client}"; - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin ""; - ''; - }; - }; - }; - upstreams = { - backend-conduit = { - servers = { - "localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {}; - }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [8448]; - networking.firewall.allowedUDPPorts = [8448]; -} diff --git a/modules/nixos/matrix-continuwuity.nix b/modules/nixos/matrix-continuwuity.nix new file mode 100644 index 0000000..2b9a785 --- /dev/null +++ b/modules/nixos/matrix-continuwuity.nix @@ -0,0 +1,26 @@ +{config, ...}: { + services = { + matrix-continuwuity = { + enable = true; + settings = { + global = { + server_name = "${config.networking.domain}"; + address = ["127.0.0.1"]; + port = [6167]; + well_known = { + server = "matrix.${config.networking.domain}"; + client = "https://matrix.${config.networking.domain}"; + }; + }; + }; + }; + + nginx = { + upstreams.matrix.servers."127.0.0.1:6167" = {}; + virtualHosts = { + "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix"; + "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix"; + }; + }; + }; +} diff --git a/modules/nixos/matrix-synapse.nix b/modules/nixos/matrix-synapse.nix deleted file mode 100644 index f47c4f4..0000000 --- a/modules/nixos/matrix-synapse.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: let - fqdn = "${config.networking.hostName}.${config.networking.domain}"; - baseUrl = "https://${fqdn}"; - clientConfig."m.homeserver".base_url = baseUrl; - serverConfig."m.server" = "${fqdn}:443"; - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - services.postgresql.enable = true; - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { - "${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - }; - "${fqdn}" = { - enableACME = true; - forceSSL = true; - locations."/".extraConfig = '' - return 404; - ''; - locations."/_matrix".proxyPass = "http://[::1]:8008"; - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; - }; - }; - }; - services.matrix-synapse = { - enable = true; - settings.server_name = config.networking.domain; - settings.public_baseurl = baseUrl; - settings.listeners = [ - { - port = 8008; - bind_addresses = ["::1"]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ - "client" - "federation" - ]; - compress = true; - } - ]; - } - ]; - }; -} diff --git a/modules/nixos/zram.nix b/modules/nixos/zram.nix new file mode 100644 index 0000000..80fc88a --- /dev/null +++ b/modules/nixos/zram.nix @@ -0,0 +1,8 @@ +{ + zramSwap = { + enable = true; + priority = 100; + algorithm = "zstd"; + memoryPercent = 75; + }; +} |