diff options
author | Rory& <root@rory.gay> | 2024-02-26 15:18:33 +0100 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-02-26 15:18:33 +0100 |
commit | 9a27b12e409dabae9bedd0e08cf41e4b15e40aeb (patch) | |
tree | 43c346b101a6e07e1fa3fa84b3f33d3c8f098675 /host | |
parent | Update flake lock (diff) | |
download | Rory-Open-Architecture-9a27b12e409dabae9bedd0e08cf41e4b15e40aeb.tar.xz |
Matrix media gate
Diffstat (limited to 'host')
8 files changed, 414 insertions, 275 deletions
diff --git a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json new file mode 100644 index 0000000..f1e8d6a --- /dev/null +++ b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json @@ -0,0 +1,17 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Information", + "Microsoft.AspNetCore.Routing": "Warning", + "Microsoft.AspNetCore.Mvc": "Warning" + } + }, + "ProxyConfiguration": { + "Upstream": "http://127.0.0.1:6167", + "Host": "conduit.rory.gay", + "TrustedServers": [ + "conduit.rory.gay" + ] + } +} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json new file mode 100644 index 0000000..5ce983f --- /dev/null +++ b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json @@ -0,0 +1,17 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Information", + "Microsoft.AspNetCore.Routing": "Warning", + "Microsoft.AspNetCore.Mvc": "Warning" + } + }, + "ProxyConfiguration": { + "Upstream": "http://matrix-rory-gay.localhost", + "Host": "matrix.rory.gay", + "TrustedServers": [ + "rory.gay" + ] + } +} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix index a527164..8930f1e 100755 --- a/host/Rory-nginx/services/matrix/draupnir.nix +++ b/host/Rory-nginx/services/matrix/draupnir.nix @@ -37,6 +37,8 @@ words = [ "tranny" "faggot" + "ywnbaw" + "nigger" ]; minutesBeforeTrusting = 0; }; diff --git a/host/Rory-nginx/services/matrix/matrix-media-gate.nix b/host/Rory-nginx/services/matrix/matrix-media-gate.nix new file mode 100755 index 0000000..e459fcd --- /dev/null +++ b/host/Rory-nginx/services/matrix/matrix-media-gate.nix @@ -0,0 +1,35 @@ +{ config, pkgs, lib, MatrixMediaGate, ... }: + +{ + systemd.services = { + "MatrixMediaGate-matrix-rory-gay" = { + serviceConfig = { + ExecStart = "${MatrixMediaGate}/bin/MatrixMediaGate"; + ExecStartPre = "cp ${./appsettings.matrix-rory-gay.json} /etc/matrix-media-gate/appsettings.matrix-rory-gay.json"; + Restart = "always"; + RestartSec = "5"; + DynamicUser = true; + StateDirectory = "matrix-media-gate"; + }; + environment = { + "DOTNET_ENVIRONMENT" = "matrix-rory-gay"; + "DOTNET_URLS" = "http://localhost:9001"; + }; + }; + "MatrixMediaGate-conduit-rory-gay" = { + serviceConfig = { + ExecStart = "${MatrixMediaGate}/bin/MatrixMediaGate"; + ExecStartPre = "cp ${./appsettings.conduit-rory-gay.json} /etc/matrix-media-gate/appsettings.conduit-rory-gay.json"; + Restart = "always"; + RestartSec = "5"; + DynamicUser = true; + StateDirectory = "matrix-media-gate"; + }; + environment = { + "DOTNET_ENVIRONMENT" = "conduit-rory-gay"; + "DOTNET_URLS" = "http://localhost:9002"; + }; + }; + }; +} + diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix index d624542..2c0df53 100755 --- a/host/Rory-nginx/services/matrix/root.nix +++ b/host/Rory-nginx/services/matrix/root.nix @@ -8,6 +8,7 @@ ./matrix-appservice-discord.nix ./draupnir.nix ./conduit.nix + ./matrix-media-gate.nix ]; } \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix new file mode 100644 index 0000000..0ab8e9a --- /dev/null +++ b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix @@ -0,0 +1,280 @@ +{ + enableACME = false; + addSSL = false; + # locations."/_matrix" = { + # proxyPass = "http://192.168.1.5:8008"; + # extraConfig = '' + # if ($request_method = 'OPTIONS') { + # more_set_headers 'Access-Control-Allow-Origin: *'; + # more_set_headers 'Access-Control-Allow-Methods: *'; + # # + # # Custom headers and headers various browsers *should* be OK with but aren't + # # + # more_set_headers 'Access-Control-Allow-Headers: *'; + # # + # # Tell client that this pre-flight info is valid for 20 days + # # + # more_set_headers 'Access-Control-Max-Age' 1728000; + # more_set_headers 'Content-Type: text/plain; charset=utf-8'; + # more_set_headers 'Content-Length' 0; + # return 204; + # }; + # ''; + # }; + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + locations."~ ^/_matrix/client/(r0|v3)/sync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + extraConfig = '' + proxy_read_timeout 3600; + proxy_connect_timeout 3600; + proxy_send_timeout 3600; + ''; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/versions$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { + proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { + proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { + proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; + }; + + ### DUPLICATES???? + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { + proxyPass = "http://user_dir_workers_upstream$request_uri"; + }; + + # ??? + locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8008"; + #proxyPass = "http://$backend"; + proxyPass = "http://127.0.0.1:8008"; + }; + + locations."~ ^/_matrix/federation/v1/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state_ids/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/backfill/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/get_missing_events/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/publicRooms" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/query/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/event_auth/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/user/devices/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/key/v2/query" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/hierarchy/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/send/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + ##### media repo + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + locations."~ ^/_matrix/media/" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/users/.*/media$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + + #locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8048"; + #proxyPass = "http://$backend"; + #}; + + + locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix index 12a32cd..44b074a 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix @@ -2,7 +2,8 @@ enableACME = true; addSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:6167"; + proxyPass = "http://127.0.0.1:9002"; + #proxyPass = "http://127.0.0.1:6167"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix index 7af0222..940e7b3 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix @@ -1,280 +1,66 @@ { enableACME = true; addSSL = true; - # locations."/_matrix" = { - # proxyPass = "http://192.168.1.5:8008"; - # extraConfig = '' - # if ($request_method = 'OPTIONS') { - # more_set_headers 'Access-Control-Allow-Origin: *'; - # more_set_headers 'Access-Control-Allow-Methods: *'; - # # - # # Custom headers and headers various browsers *should* be OK with but aren't - # # - # more_set_headers 'Access-Control-Allow-Headers: *'; - # # - # # Tell client that this pre-flight info is valid for 20 days - # # - # more_set_headers 'Access-Control-Max-Age' 1728000; - # more_set_headers 'Content-Type: text/plain; charset=utf-8'; - # more_set_headers 'Content-Length' 0; - # return 204; - # }; - # ''; - # }; - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - locations."~ ^/_matrix/client/(r0|v3)/sync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - extraConfig = '' - proxy_read_timeout 3600; - proxy_connect_timeout 3600; - proxy_send_timeout 3600; - ''; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/versions$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { - proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { - proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { - proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; - }; - - ### DUPLICATES???? - # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory - locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { - proxyPass = "http://user_dir_workers_upstream$request_uri"; - }; - - # ??? - locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8008"; - #proxyPass = "http://$backend"; - proxyPass = "http://127.0.0.1:8008"; - }; - - locations."~ ^/_matrix/federation/v1/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state_ids/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/backfill/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/get_missing_events/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/publicRooms" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/query/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/event_auth/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/user/devices/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/key/v2/query" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/hierarchy/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/send/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - ##### media repo - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository - locations."~ ^/_matrix/media/" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; + locations."/" = { + proxyPass = "http://127.0.0.1:9002"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *, Authorization'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; }; - locations."~ ^/_synapse/admin/v1/media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/users/.*/media$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - - #locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8048"; - #proxyPass = "http://$backend"; - #}; - - locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; + locations."= /.well-known/matrix/server".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.server" = "matrix.rory.gay:443"; + }}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.homeserver".base_url = "https://matrix.rory.gay"; + "m.identity_server".base_url = "https://matrix.rory.gay"; + } + }'; + ''; + locations."= /.well-known/matrix/support".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } + }'; + ''; } |