93 lines
2.5 KiB
Nix
93 lines
2.5 KiB
Nix
{ pkgs, lib, config, secrets, ... }: {
|
|
|
|
imports = [
|
|
./bridges/mautrix-facebook.nix
|
|
./bridges/mx-puppet-discord.nix
|
|
# TODO: fix irc service
|
|
# ./bridges/matrix-appservice-irc.nix
|
|
|
|
./postgres.nix
|
|
./coturn.nix
|
|
];
|
|
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
settings = {
|
|
turn_uris = let
|
|
inherit (config.services.coturn) realm;
|
|
p = toString secrets.ports.matrix.default;
|
|
in ["turn:${realm}:${p}?transport=udp" "turn:${realm}:${p}?transport=tcp"];
|
|
turn_shared_secret = config.services.coturn.static-auth-secret;
|
|
turn_user_lifetime = "1h";
|
|
|
|
server_name = "nani.wtf";
|
|
public_baseurl = "https://matrix.nani.wtf";
|
|
|
|
enable_metrics = true;
|
|
|
|
listeners = [
|
|
{
|
|
port = secrets.ports.matrix.listener;
|
|
bind_addresses = [
|
|
"0.0.0.0"
|
|
"::1"
|
|
];
|
|
type = "http";
|
|
tls = false;
|
|
x_forwarded = true;
|
|
resources = [
|
|
{
|
|
names = [ "client" "federation" "metrics" ];
|
|
compress = false;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
# NOTE: To register a new admin user, use a nix-shell with
|
|
# package 'matrix-synapse', and use the register_new_matrix_user command
|
|
# with the registration shared secret
|
|
enable_registration = false;
|
|
|
|
registration_shared_secret = secrets.keys.matrix.registration-shared-secret;
|
|
|
|
# password_config.enabled = lib.mkForce false;
|
|
|
|
dataDir = "${config.machineVars.dataDrives.default}/var/matrix";
|
|
|
|
database_type = "postgres";
|
|
# database_args = {
|
|
# password = "synapse";
|
|
# };
|
|
|
|
# TODO: Figure out a way to do this declaratively.
|
|
# The files need to be owned by matrix-synapse
|
|
app_service_config_files = [
|
|
"/var/lib/matrix-synapse/discord-registration.yaml"
|
|
# (pkgs.writeText "facebook-registrations.yaml" (builtins.toJSON config.services.mautrix-facebook.registrationData))
|
|
"/var/lib/matrix-synapse/facebook-registration.yaml"
|
|
];
|
|
|
|
# redis.enabled = true;
|
|
max_upload_size = "100M";
|
|
};
|
|
};
|
|
|
|
# services.redis.enable = true;
|
|
|
|
networking.firewall = {
|
|
interfaces.enp2s0 = let
|
|
range = with config.services.coturn; [ {
|
|
from = secrets.ports.matrix.coturn.min;
|
|
to = secrets.ports.matrix.coturn.max;
|
|
} ];
|
|
in
|
|
{
|
|
allowedUDPPortRanges = range;
|
|
allowedUDPPorts = [ secrets.ports.matrix.default ];
|
|
allowedTCPPortRanges = range;
|
|
allowedTCPPorts = [ secrets.ports.matrix.default ];
|
|
};
|
|
};
|
|
}
|