summary refs log tree commit diff
path: root/host
diff options
context:
space:
mode:
authorRory& <root@rory.gay>2024-02-26 15:18:33 +0100
committerRory& <root@rory.gay>2024-02-26 15:18:33 +0100
commit9a27b12e409dabae9bedd0e08cf41e4b15e40aeb (patch)
tree43c346b101a6e07e1fa3fa84b3f33d3c8f098675 /host
parentUpdate flake lock (diff)
downloadRory-Open-Architecture-9a27b12e409dabae9bedd0e08cf41e4b15e40aeb.tar.xz
Matrix media gate
Diffstat (limited to 'host')
-rw-r--r--host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json17
-rw-r--r--host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json17
-rwxr-xr-xhost/Rory-nginx/services/matrix/draupnir.nix2
-rwxr-xr-xhost/Rory-nginx/services/matrix/matrix-media-gate.nix35
-rwxr-xr-xhost/Rory-nginx/services/matrix/root.nix1
-rw-r--r--host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix280
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/conduit.nix3
-rwxr-xr-xhost/Rory-nginx/services/nginx/rory.gay/matrix.nix334
8 files changed, 414 insertions, 275 deletions
diff --git a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json
new file mode 100644
index 0000000..f1e8d6a
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json
@@ -0,0 +1,17 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Information",
+      "Microsoft.AspNetCore.Routing": "Warning",
+      "Microsoft.AspNetCore.Mvc": "Warning"
+    }
+  },
+  "ProxyConfiguration": {
+    "Upstream": "http://127.0.0.1:6167",
+    "Host": "conduit.rory.gay",
+    "TrustedServers": [
+      "conduit.rory.gay"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json
new file mode 100644
index 0000000..5ce983f
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json
@@ -0,0 +1,17 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Information",
+      "Microsoft.AspNetCore.Routing": "Warning",
+      "Microsoft.AspNetCore.Mvc": "Warning"
+    }
+  },
+  "ProxyConfiguration": {
+    "Upstream": "http://matrix-rory-gay.localhost",
+    "Host": "matrix.rory.gay",
+    "TrustedServers": [
+      "rory.gay"
+    ]
+  }
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix
index a527164..8930f1e 100755
--- a/host/Rory-nginx/services/matrix/draupnir.nix
+++ b/host/Rory-nginx/services/matrix/draupnir.nix
@@ -37,6 +37,8 @@
           words = [
             "tranny"
             "faggot"
+            "ywnbaw"
+            "nigger"
           ];
           minutesBeforeTrusting = 0;
         };
diff --git a/host/Rory-nginx/services/matrix/matrix-media-gate.nix b/host/Rory-nginx/services/matrix/matrix-media-gate.nix
new file mode 100755
index 0000000..e459fcd
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/matrix-media-gate.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, lib, MatrixMediaGate, ... }:
+
+{
+  systemd.services = {
+    "MatrixMediaGate-matrix-rory-gay" = {
+      serviceConfig = {
+        ExecStart = "${MatrixMediaGate}/bin/MatrixMediaGate";
+        ExecStartPre = "cp ${./appsettings.matrix-rory-gay.json} /etc/matrix-media-gate/appsettings.matrix-rory-gay.json";
+        Restart = "always";
+        RestartSec = "5";
+        DynamicUser = true;
+        StateDirectory = "matrix-media-gate";
+      };
+      environment = {
+        "DOTNET_ENVIRONMENT" = "matrix-rory-gay";
+        "DOTNET_URLS" = "http://localhost:9001";
+      };
+    };
+    "MatrixMediaGate-conduit-rory-gay" = {
+      serviceConfig = {
+        ExecStart = "${MatrixMediaGate}/bin/MatrixMediaGate";
+        ExecStartPre = "cp ${./appsettings.conduit-rory-gay.json} /etc/matrix-media-gate/appsettings.conduit-rory-gay.json";
+        Restart = "always";
+        RestartSec = "5";
+        DynamicUser = true;
+        StateDirectory = "matrix-media-gate";
+      };
+      environment = {
+        "DOTNET_ENVIRONMENT" = "conduit-rory-gay";
+        "DOTNET_URLS" = "http://localhost:9002";
+      };
+    };
+  };
+}
+
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index d624542..2c0df53 100755
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -8,6 +8,7 @@
       ./matrix-appservice-discord.nix
       ./draupnir.nix
       ./conduit.nix
+      ./matrix-media-gate.nix
     ];
 
 }
\ No newline at end of file
diff --git a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix
new file mode 100644
index 0000000..0ab8e9a
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix
@@ -0,0 +1,280 @@
+{
+  enableACME = false;
+  addSSL = false;
+  # locations."/_matrix" = {
+  #   proxyPass = "http://192.168.1.5:8008"; 
+  #   extraConfig = ''
+  #     if ($request_method = 'OPTIONS') {
+  #       more_set_headers 'Access-Control-Allow-Origin: *';
+  #       more_set_headers 'Access-Control-Allow-Methods: *';
+  #       #
+  #       # Custom headers and headers various browsers *should* be OK with but aren't
+  #       #
+  #       more_set_headers 'Access-Control-Allow-Headers: *';
+  #       #
+  #       # Tell client that this pre-flight info is valid for 20 days
+  #       #
+  #       more_set_headers 'Access-Control-Max-Age' 1728000;
+  #       more_set_headers 'Content-Type: text/plain; charset=utf-8';
+  #       more_set_headers 'Content-Length' 0;
+  #       return 204;
+  #     };
+  #   '';
+  # };
+
+  		# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
+	locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+    extraConfig = ''
+			proxy_read_timeout 3600;
+			proxy_connect_timeout 3600;
+			proxy_send_timeout 3600; 
+		'';
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/versions$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = {
+		proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri";
+	};
+
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = {
+		proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri";
+	};
+
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = {
+		proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = {
+		proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
+	};
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = {
+		proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = {
+		proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
+	};
+			# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
+	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = {
+		proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri";
+	};
+
+  ### DUPLICATES????
+  # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
+  locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = {
+		proxyPass = "http://user_dir_workers_upstream$request_uri";
+	};
+
+  # ???
+	locations."/" = {
+		#resolver 127.0.0.11 valid=5s;
+		#set $backend "matrix-synapse:8008";
+		#proxyPass = "http://$backend";
+    proxyPass = "http://127.0.0.1:8008";
+	};
+
+	locations."~ ^/_matrix/federation/v1/event/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/state/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/state_ids/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/backfill/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/get_missing_events/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/publicRooms" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/query/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/make_join/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/make_leave/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/event_auth/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/user/devices/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/key/v2/query" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/hierarchy/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+	locations."~ ^/_matrix/federation/v1/send/" = {
+		proxyPass = "http://generic_workers_upstream$request_uri";
+	};
+
+  ##### media repo
+
+  # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
+  locations."~ ^/_matrix/media/" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/purge_media_cache$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/media/.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+  locations."~ ^/_synapse/admin/v1/users/.*/media$" = {
+    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  };
+
+	#locations."/" = {
+		#resolver 127.0.0.11 valid=5s;
+		#set $backend "matrix-synapse:8048";
+		#proxyPass = "http://$backend";
+	#};
+  
+
+  locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";   
+}
diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
index 12a32cd..44b074a 100755
--- a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
@@ -2,7 +2,8 @@
   enableACME = true;
   addSSL = true;
   locations."/" = {
-    proxyPass = "http://127.0.0.1:6167"; 
+    proxyPass = "http://127.0.0.1:9002";
+    #proxyPass = "http://127.0.0.1:6167";
     extraConfig = ''
       if ($request_method = 'OPTIONS') {
         more_set_headers 'Access-Control-Allow-Origin: *';
diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
index 7af0222..940e7b3 100755
--- a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
@@ -1,280 +1,66 @@
 {
   enableACME = true;
   addSSL = true;
-  # locations."/_matrix" = {
-  #   proxyPass = "http://192.168.1.5:8008"; 
-  #   extraConfig = ''
-  #     if ($request_method = 'OPTIONS') {
-  #       more_set_headers 'Access-Control-Allow-Origin: *';
-  #       more_set_headers 'Access-Control-Allow-Methods: *';
-  #       #
-  #       # Custom headers and headers various browsers *should* be OK with but aren't
-  #       #
-  #       more_set_headers 'Access-Control-Allow-Headers: *';
-  #       #
-  #       # Tell client that this pre-flight info is valid for 20 days
-  #       #
-  #       more_set_headers 'Access-Control-Max-Age' 1728000;
-  #       more_set_headers 'Content-Type: text/plain; charset=utf-8';
-  #       more_set_headers 'Content-Length' 0;
-  #       return 204;
-  #     };
-  #   '';
-  # };
-
-  		# https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
-	locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-                extraConfig = ''
-                     proxy_read_timeout 3600;
-                     proxy_connect_timeout 3600;
-                     proxy_send_timeout 3600; 
-                  '';
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/versions$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = {
-		proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri";
-	};
-
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = {
-		proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri";
-	};
-
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = {
-		proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = {
-		proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
-	};
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = {
-		proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = {
-		proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
-	};
-			# https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
-	locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = {
-		proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri";
-	};
-
-  ### DUPLICATES????
-  # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = {
-		proxyPass = "http://user_dir_workers_upstream$request_uri";
-	};
-
-  # ???
-	locations."/" = {
-		#resolver 127.0.0.11 valid=5s;
-		#set $backend "matrix-synapse:8008";
-		#proxyPass = "http://$backend";
-    proxyPass = "http://127.0.0.1:8008";
-	};
-
-	locations."~ ^/_matrix/federation/v1/event/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/state/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/state_ids/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/backfill/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/get_missing_events/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/publicRooms" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/query/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/make_join/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/make_leave/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/event_auth/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/user/devices/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/key/v2/query" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/hierarchy/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-	locations."~ ^/_matrix/federation/v1/send/" = {
-		proxyPass = "http://generic_workers_upstream$request_uri";
-	};
-
-  ##### media repo
-
-  # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
-  locations."~ ^/_matrix/media/" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/purge_media_cache$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
+  locations."/" = {
+    proxyPass = "http://127.0.0.1:9002";
+    extraConfig = ''
+      if ($request_method = 'OPTIONS') {
+        more_set_headers 'Access-Control-Allow-Origin: *';
+        more_set_headers 'Access-Control-Allow-Methods: *';
+        #
+        # Custom headers and headers various browsers *should* be OK with but aren't
+        #
+        more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+        #
+        # Tell client that this pre-flight info is valid for 20 days
+        #
+        more_set_headers 'Access-Control-Max-Age: 1728000';
+        more_set_headers 'Content-Type: text/plain; charset=utf-8';
+        more_set_headers 'Content-Length: 0';
+        return 204;
+      }
+    '';
   };
-  locations."~ ^/_synapse/admin/v1/media/.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/users/.*/media$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-
-	#locations."/" = {
-		#resolver 127.0.0.11 valid=5s;
-		#set $backend "matrix-synapse:8048";
-		#proxyPass = "http://$backend";
-	#};
-  
 
-  locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";   
+  locations."= /.well-known/matrix/server".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      "m.server" = "matrix.rory.gay:443";
+    }}';
+  ''; 
+  locations."= /.well-known/matrix/client".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      "m.homeserver".base_url = "https://matrix.rory.gay";
+      "m.identity_server".base_url = "https://matrix.rory.gay";
+    }
+    }';
+  ''; 
+  locations."= /.well-known/matrix/support".extraConfig = ''
+    more_set_headers 'Content-Type application/json';
+    more_set_headers 'Access-Control-Allow-Origin *';
+    return 200 '${builtins.toJSON {
+      admins = [
+        {
+          matrix_id = "@emma:rory.gay";
+          role = "admin";
+        }
+	      {
+          matrix_id = "@alicia:rory.gay";
+          role = "admin";
+        }
+	      {
+          matrix_id = "@root:rory.gay";
+          role = "admin";
+        }
+      	{
+          matrix_id = "@rory:rory.gay";
+          role = "admin";
+        }
+      ];
+    }
+    }';
+  '';
 }