From 9a27b12e409dabae9bedd0e08cf41e4b15e40aeb Mon Sep 17 00:00:00 2001 From: Rory& Date: Mon, 26 Feb 2024 15:18:33 +0100 Subject: Matrix media gate --- flake.lock | 123 ++++++-- flake.nix | 21 +- hardware-configuration.nix | 43 +++ .../matrix/appsettings.conduit-rory-gay.json | 17 ++ .../matrix/appsettings.matrix-rory-gay.json | 17 ++ host/Rory-nginx/services/matrix/draupnir.nix | 2 + .../services/matrix/matrix-media-gate.nix | 35 +++ host/Rory-nginx/services/matrix/root.nix | 1 + .../services/nginx/localhost/matrix-rory-gay.nix | 280 +++++++++++++++++ .../Rory-nginx/services/nginx/rory.gay/conduit.nix | 3 +- host/Rory-nginx/services/nginx/rory.gay/matrix.nix | 334 ++++----------------- 11 files changed, 565 insertions(+), 311 deletions(-) create mode 100644 hardware-configuration.nix create mode 100644 host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json create mode 100644 host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json create mode 100755 host/Rory-nginx/services/matrix/matrix-media-gate.nix create mode 100644 host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix diff --git a/flake.lock b/flake.lock index 3e129d2..d5aeb56 100644 --- a/flake.lock +++ b/flake.lock @@ -1,11 +1,30 @@ { "nodes": { + "MatrixMediaGate": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1708849238, + "narHash": "sha256-row//i4aghEYHWwsMVCKF+5IRCktHLk8H0va8+YiXt0=", + "ref": "refs/heads/master", + "rev": "766e1eef3b6a24bf45b46c014b07aed0ed139503", + "revCount": 2, + "type": "git", + "url": "https://cgit.rory.gay/matrix/MatrixMediaGate.git/" + }, + "original": { + "type": "git", + "url": "https://cgit.rory.gay/matrix/MatrixMediaGate.git/" + } + }, "attic": { "inputs": { "crane": "crane", "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -25,7 +44,7 @@ }, "botcore-v4": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1683656302, @@ -48,18 +67,18 @@ "crane": "crane_2", "fenix": "fenix", "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nix-filter": "nix-filter", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1708797853, - "narHash": "sha256-v6oqDvpJVs3tCGKypNdK1T4yfhtE5OcDB4YCB24e/qE=", + "lastModified": 1708926554, + "narHash": "sha256-NRfhf/+Scj23L6HysGoFT9+CQmegHCec91OxKFeSg+0=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "342400fe2d186ef0fa8e1214827fe2b26f280a8d", + "rev": "ca281b21db6640890828d2b6db743e9db33cc012", "type": "github" }, "original": { @@ -183,6 +202,24 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -197,9 +234,9 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1705309234, @@ -215,9 +252,9 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1705309234, @@ -235,7 +272,7 @@ }, "home-manager": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1708806879, @@ -304,8 +341,8 @@ "nixos-wsl": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_4" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1708788887, @@ -323,11 +360,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "lastModified": 1708655239, + "narHash": "sha256-ZrP/yACUvDB+zbqYJsln4iwotbH6CTZiTkANJ0AgDv4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "rev": "cbc4211f0afffe6dfd2478a62615dd5175a13f9a", "type": "github" }, "original": { @@ -339,11 +376,11 @@ }, "nixpkgs-RoryNix": { "locked": { - "lastModified": 1708702655, - "narHash": "sha256-qxT5jSLhelfLhQ07+AUxSTm1VnVH+hQxDkQSZ/m/Smo=", + "lastModified": 1708831307, + "narHash": "sha256-0iL/DuGjiUeck1zEaL+aIe2WvA3/cVhp/SlmTcOZXH4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5101e457206dd437330d283d6626944e28794b3", + "rev": "5bf1cadb72ab4e77cb0b700dab76bcdaf88f706b", "type": "github" }, "original": { @@ -386,6 +423,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1683408522, + "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1702539185, "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", @@ -401,7 +454,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1708118438, "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", @@ -417,7 +470,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1707514827, "narHash": "sha256-Y+wqFkvikpE1epCx57PsGw+M1hX5aY5q/xgk+ebDwxI=", @@ -433,13 +486,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1708655239, - "narHash": "sha256-ZrP/yACUvDB+zbqYJsln4iwotbH6CTZiTkANJ0AgDv4=", + "lastModified": 1708807242, + "narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cbc4211f0afffe6dfd2478a62615dd5175a13f9a", + "rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a", "type": "github" }, "original": { @@ -451,13 +504,14 @@ }, "root": { "inputs": { + "MatrixMediaGate": "MatrixMediaGate", "botcore-v4": "botcore-v4", "conduit": "conduit", "home-manager": "home-manager", "mtxclientSrc": "mtxclientSrc", "nhekoSrc": "nhekoSrc", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-RoryNix": "nixpkgs-RoryNix", "nixpkgs-rory": "nixpkgs-rory" } @@ -508,6 +562,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 752aece..a64698f 100755 --- a/flake.nix +++ b/flake.nix @@ -14,9 +14,6 @@ #url = "github:NixOS/nixpkgs/nixos-23.05"; url = "github:NixOS/nixpkgs/nixos-23.11"; }; - botcore-v4 = { - url = "gitlab:BotCore-Devs/BotCore-v4/staging"; - }; home-manager = { url = "github:nix-community/home-manager/master"; }; @@ -31,6 +28,16 @@ nixos-wsl.url = "github:nix-community/NixOS-WSL"; #inputs.nur.url = github:nix-community/NUR; + # Own projects + + botcore-v4 = { + url = "gitlab:BotCore-Devs/BotCore-v4/staging"; + }; + + MatrixMediaGate = { + url = "git+https://cgit.rory.gay/matrix/MatrixMediaGate.git/"; + }; + # Sources... nhekoSrc = { url = "github:Nheko-reborn/nheko/master"; @@ -41,14 +48,9 @@ url = "github:Nheko-reborn/mtxclient/master"; flake = false; }; - - # DO NOT TOUCH THIS UNGODLY MESS - #nix-ld.url = "github:Mic92/nix-ld"; - # this line assume that you also have nixpkgs as an input - #nix-ld.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, conduit, nixos-wsl, ... }@inputs: { + outputs = { self, nixpkgs, nixpkgs-RoryNix, nixpkgs-rory, home-manager, botcore-v4, MatrixMediaGate, conduit, nixos-wsl, ... }@inputs: { nixosConfigurations = { #NIXPKGS FORK Rory-nginx = nixpkgs-rory.lib.nixosSystem { @@ -62,6 +64,7 @@ inherit botcore-v4; inherit home-manager; inherit conduit; + inherit MatrixMediaGate; }; }; diff --git a/hardware-configuration.nix b/hardware-configuration.nix new file mode 100644 index 0000000..e8bb2a6 --- /dev/null +++ b/hardware-configuration.nix @@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/0061d860-0831-45fc-abb8-bc8c8de5f249"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F6C7-F997"; + fsType = "vfat"; + }; + + fileSystems."/disk/steam" = + { device = "/dev/disk/by-uuid/fb909d8d-ff3c-4174-abf2-ed22ca23a58e"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp34s0.useDHCP = lib.mkDefault true; + # networking.interfaces.virbr0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json new file mode 100644 index 0000000..f1e8d6a --- /dev/null +++ b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json @@ -0,0 +1,17 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Information", + "Microsoft.AspNetCore.Routing": "Warning", + "Microsoft.AspNetCore.Mvc": "Warning" + } + }, + "ProxyConfiguration": { + "Upstream": "http://127.0.0.1:6167", + "Host": "conduit.rory.gay", + "TrustedServers": [ + "conduit.rory.gay" + ] + } +} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json new file mode 100644 index 0000000..5ce983f --- /dev/null +++ b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json @@ -0,0 +1,17 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Information", + "Microsoft.AspNetCore.Routing": "Warning", + "Microsoft.AspNetCore.Mvc": "Warning" + } + }, + "ProxyConfiguration": { + "Upstream": "http://matrix-rory-gay.localhost", + "Host": "matrix.rory.gay", + "TrustedServers": [ + "rory.gay" + ] + } +} \ No newline at end of file diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix index a527164..8930f1e 100755 --- a/host/Rory-nginx/services/matrix/draupnir.nix +++ b/host/Rory-nginx/services/matrix/draupnir.nix @@ -37,6 +37,8 @@ words = [ "tranny" "faggot" + "ywnbaw" + "nigger" ]; minutesBeforeTrusting = 0; }; diff --git a/host/Rory-nginx/services/matrix/matrix-media-gate.nix b/host/Rory-nginx/services/matrix/matrix-media-gate.nix new file mode 100755 index 0000000..e459fcd --- /dev/null +++ b/host/Rory-nginx/services/matrix/matrix-media-gate.nix @@ -0,0 +1,35 @@ +{ config, pkgs, lib, MatrixMediaGate, ... }: + +{ + systemd.services = { + "MatrixMediaGate-matrix-rory-gay" = { + serviceConfig = { + ExecStart = "${MatrixMediaGate}/bin/MatrixMediaGate"; + ExecStartPre = "cp ${./appsettings.matrix-rory-gay.json} /etc/matrix-media-gate/appsettings.matrix-rory-gay.json"; + Restart = "always"; + RestartSec = "5"; + DynamicUser = true; + StateDirectory = "matrix-media-gate"; + }; + environment = { + "DOTNET_ENVIRONMENT" = "matrix-rory-gay"; + "DOTNET_URLS" = "http://localhost:9001"; + }; + }; + "MatrixMediaGate-conduit-rory-gay" = { + serviceConfig = { + ExecStart = "${MatrixMediaGate}/bin/MatrixMediaGate"; + ExecStartPre = "cp ${./appsettings.conduit-rory-gay.json} /etc/matrix-media-gate/appsettings.conduit-rory-gay.json"; + Restart = "always"; + RestartSec = "5"; + DynamicUser = true; + StateDirectory = "matrix-media-gate"; + }; + environment = { + "DOTNET_ENVIRONMENT" = "conduit-rory-gay"; + "DOTNET_URLS" = "http://localhost:9002"; + }; + }; + }; +} + diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix index d624542..2c0df53 100755 --- a/host/Rory-nginx/services/matrix/root.nix +++ b/host/Rory-nginx/services/matrix/root.nix @@ -8,6 +8,7 @@ ./matrix-appservice-discord.nix ./draupnir.nix ./conduit.nix + ./matrix-media-gate.nix ]; } \ No newline at end of file diff --git a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix new file mode 100644 index 0000000..0ab8e9a --- /dev/null +++ b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix @@ -0,0 +1,280 @@ +{ + enableACME = false; + addSSL = false; + # locations."/_matrix" = { + # proxyPass = "http://192.168.1.5:8008"; + # extraConfig = '' + # if ($request_method = 'OPTIONS') { + # more_set_headers 'Access-Control-Allow-Origin: *'; + # more_set_headers 'Access-Control-Allow-Methods: *'; + # # + # # Custom headers and headers various browsers *should* be OK with but aren't + # # + # more_set_headers 'Access-Control-Allow-Headers: *'; + # # + # # Tell client that this pre-flight info is valid for 20 days + # # + # more_set_headers 'Access-Control-Max-Age' 1728000; + # more_set_headers 'Content-Type: text/plain; charset=utf-8'; + # more_set_headers 'Content-Length' 0; + # return 204; + # }; + # ''; + # }; + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker + locations."~ ^/_matrix/client/(r0|v3)/sync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + extraConfig = '' + proxy_read_timeout 3600; + proxy_connect_timeout 3600; + proxy_send_timeout 3600; + ''; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/versions$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { + proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { + proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; + }; + + # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { + proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { + proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; + }; + # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream + locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { + proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; + }; + + ### DUPLICATES???? + # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory + locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { + proxyPass = "http://user_dir_workers_upstream$request_uri"; + }; + + # ??? + locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8008"; + #proxyPass = "http://$backend"; + proxyPass = "http://127.0.0.1:8008"; + }; + + locations."~ ^/_matrix/federation/v1/event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/state_ids/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/backfill/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/get_missing_events/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/publicRooms" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/query/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/make_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/event_auth/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/user/devices/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/key/v2/query" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/hierarchy/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + locations."~ ^/_matrix/federation/v1/send/" = { + proxyPass = "http://generic_workers_upstream$request_uri"; + }; + + ##### media repo + + # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository + locations."~ ^/_matrix/media/" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + locations."~ ^/_synapse/admin/v1/users/.*/media$" = { + proxyPass = "http://media_repository_workers_upstream$request_uri"; + }; + + #locations."/" = { + #resolver 127.0.0.11 valid=5s; + #set $backend "matrix-synapse:8048"; + #proxyPass = "http://$backend"; + #}; + + + locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; +} diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix index 12a32cd..44b074a 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix @@ -2,7 +2,8 @@ enableACME = true; addSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:6167"; + proxyPass = "http://127.0.0.1:9002"; + #proxyPass = "http://127.0.0.1:6167"; extraConfig = '' if ($request_method = 'OPTIONS') { more_set_headers 'Access-Control-Allow-Origin: *'; diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix index 7af0222..940e7b3 100755 --- a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix +++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix @@ -1,280 +1,66 @@ { enableACME = true; addSSL = true; - # locations."/_matrix" = { - # proxyPass = "http://192.168.1.5:8008"; - # extraConfig = '' - # if ($request_method = 'OPTIONS') { - # more_set_headers 'Access-Control-Allow-Origin: *'; - # more_set_headers 'Access-Control-Allow-Methods: *'; - # # - # # Custom headers and headers various browsers *should* be OK with but aren't - # # - # more_set_headers 'Access-Control-Allow-Headers: *'; - # # - # # Tell client that this pre-flight info is valid for 20 days - # # - # more_set_headers 'Access-Control-Max-Age' 1728000; - # more_set_headers 'Content-Type: text/plain; charset=utf-8'; - # more_set_headers 'Content-Length' 0; - # return 204; - # }; - # ''; - # }; - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker - locations."~ ^/_matrix/client/(r0|v3)/sync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - extraConfig = '' - proxy_read_timeout 3600; - proxy_connect_timeout 3600; - proxy_send_timeout 3600; - ''; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/versions$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = { - proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = { - proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri"; - }; - - # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = { - proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = { - proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri"; - }; - # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream - locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = { - proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri"; - }; - - ### DUPLICATES???? - # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory - locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = { - proxyPass = "http://user_dir_workers_upstream$request_uri"; - }; - - # ??? - locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8008"; - #proxyPass = "http://$backend"; - proxyPass = "http://127.0.0.1:8008"; - }; - - locations."~ ^/_matrix/federation/v1/event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/state_ids/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/backfill/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/get_missing_events/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/publicRooms" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/query/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/make_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/(v1|v2)/invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/event_auth/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/user/devices/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/key/v2/query" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/hierarchy/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - locations."~ ^/_matrix/federation/v1/send/" = { - proxyPass = "http://generic_workers_upstream$request_uri"; - }; - - ##### media repo - - # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository - locations."~ ^/_matrix/media/" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/purge_media_cache$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; + locations."/" = { + proxyPass = "http://127.0.0.1:9002"; + extraConfig = '' + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers 'Access-Control-Allow-Methods: *'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + more_set_headers 'Access-Control-Allow-Headers: *, Authorization'; + # + # Tell client that this pre-flight info is valid for 20 days + # + more_set_headers 'Access-Control-Max-Age: 1728000'; + more_set_headers 'Content-Type: text/plain; charset=utf-8'; + more_set_headers 'Content-Length: 0'; + return 204; + } + ''; }; - locations."~ ^/_synapse/admin/v1/media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - locations."~ ^/_synapse/admin/v1/users/.*/media$" = { - proxyPass = "http://media_repository_workers_upstream$request_uri"; - }; - - #locations."/" = { - #resolver 127.0.0.11 valid=5s; - #set $backend "matrix-synapse:8048"; - #proxyPass = "http://$backend"; - #}; - - locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; + locations."= /.well-known/matrix/server".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.server" = "matrix.rory.gay:443"; + }}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + "m.homeserver".base_url = "https://matrix.rory.gay"; + "m.identity_server".base_url = "https://matrix.rory.gay"; + } + }'; + ''; + locations."= /.well-known/matrix/support".extraConfig = '' + more_set_headers 'Content-Type application/json'; + more_set_headers 'Access-Control-Allow-Origin *'; + return 200 '${builtins.toJSON { + admins = [ + { + matrix_id = "@emma:rory.gay"; + role = "admin"; + } + { + matrix_id = "@alicia:rory.gay"; + role = "admin"; + } + { + matrix_id = "@root:rory.gay"; + role = "admin"; + } + { + matrix_id = "@rory:rory.gay"; + role = "admin"; + } + ]; + } + }'; + ''; } -- cgit 1.4.1