4 files changed, 124 insertions, 2 deletions
diff --git a/host/Rory-discordbots/configuration.nix b/host/Rory-discordbots/configuration.nix
index 36e7a1f..958ae5c 100755
--- a/host/Rory-discordbots/configuration.nix
+++ b/host/Rory-discordbots/configuration.nix
@@ -24,5 +24,4 @@
};
system.stateVersion = "22.11"; # DO NOT EDIT!
-}
-
+}
\ No newline at end of file
diff --git a/host/Rory-nginx/hosts/rory.gay/matrix.nix b/host/Rory-nginx/hosts/rory.gay/matrix.nix
new file mode 100755
index 0000000..6a638c3
--- /dev/null
+++ b/host/Rory-nginx/hosts/rory.gay/matrix.nix
@@ -0,0 +1,6 @@
+{
+ enableACME = true;
+ addSSL = true;
+ locations."/_matrix".proxyPass = "http://192.168.1.5:8008";
+ locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";
+}
diff --git a/host/Rory-nginx/hosts/rory.gay/root.nix b/host/Rory-nginx/hosts/rory.gay/root.nix
index 4307cf4..c3dfb2f 100755
--- a/host/Rory-nginx/hosts/rory.gay/root.nix
+++ b/host/Rory-nginx/hosts/rory.gay/root.nix
@@ -4,4 +4,21 @@
addSSL = true;
extraConfig = ''
autoindex on;'';
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON {
+ "m.server" = "matrix.rory.gay:443";
+ }}}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON {
+ "m.homeserver".base_url = "https://matrix.rory.gay";
+ "m.identity_server" = {};
+ }
+ }';
+ '';
}
diff --git a/host/Rory-synapse/configuration.nix b/host/Rory-synapse/configuration.nix
new file mode 100755
index 0000000..24a0692
--- /dev/null
+++ b/host/Rory-synapse/configuration.nix
@@ -0,0 +1,100 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base-server.nix
+ ];
+
+ networking = {
+ hostName = "Rory-synapse";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.5";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.10.5";
+ prefixLength = 16;
+ } ];
+ };
+
+ # coturn (WebRTC)
+ services.coturn = rec {
+ enable = false; # Alicia - figure out secret first...
+ no-cli = true;
+ no-tcp-relay = true;
+ min-port = 49000;
+ max-port = 50000;
+ use-auth-secret = true;
+ static-auth-secret = "will be world readable for local users :(";
+ realm = "turn.example.com";
+ # Alicia - figure out how to get this to work, since nginx runs on separate machine...
+ #cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
+ #pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
+ extraConfig = ''
+ # for debugging
+ verbose
+ # ban private IP ranges
+ no-multicast-peers
+ denied-peer-ip=0.0.0.0-0.255.255.255
+ denied-peer-ip=10.0.0.0-10.255.255.255
+ denied-peer-ip=100.64.0.0-100.127.255.255
+ denied-peer-ip=127.0.0.0-127.255.255.255
+ denied-peer-ip=169.254.0.0-169.254.255.255
+ denied-peer-ip=172.16.0.0-172.31.255.255
+ denied-peer-ip=192.0.0.0-192.0.0.255
+ denied-peer-ip=192.0.2.0-192.0.2.255
+ denied-peer-ip=192.88.99.0-192.88.99.255
+ denied-peer-ip=192.168.0.0-192.168.255.255
+ denied-peer-ip=198.18.0.0-198.19.255.255
+ denied-peer-ip=198.51.100.0-198.51.100.255
+ denied-peer-ip=203.0.113.0-203.0.113.255
+ denied-peer-ip=240.0.0.0-255.255.255.255
+ denied-peer-ip=::1
+ denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
+ denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
+ denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
+ denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
+ denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+ denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+ denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+ '';
+ };
+
+ #services.matrix-synapse = with config.services.coturn; {
+ # turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
+ # turn_shared_secret = static-auth-secret;
+ # turn_user_lifetime = "1h";
+ #};
+
+ # Discord bridge
+ services.matrix-appservice-discord = {
+ enable = false; # Alicia - figure out secret first...
+ environmentFile = /etc/keyring/matrix-appservice-discord/tokens.env;
+ # The appservice is pre-configured to use SQLite by default.
+ # It's also possible to use PostgreSQL.
+ settings = {
+ bridge = {
+ domain = "rory.gay";
+ homeserverUrl = "https://matrix.rory.gay";
+ };
+
+ # The service uses SQLite by default, but it's also possible to use
+ # PostgreSQL instead:
+ database = {
+ # filename = ""; # empty value to disable sqlite
+ connString = "postgres://postgres@192.168.1.3/matrix-appservice-discord";
+ };
+ };
+
+ services.matrix-synapse = {
+ enable = true;
+ app_service_config_files = [
+ #"/etc/matrix-synapse/appservice-registration.yaml"
+ ];
+
+ }
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
|