philipp8101/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Philipp Conrad
2026-05-14 13:39:10 +02:00
commit 7e444146d2
37 changed files with 1537 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
configuration/matrix.nix Normal file
View File

@@ -0,0 +1,37 @@
{ config, ... }:
{
services.dendrite = {
enable = true;
httpsPort = 44443;
tlsCert = "${config.security.acme.certs.${config.domainName}.directory}/fullchain.pem";
tlsKey = "${config.security.acme.certs.${config.domainName}.directory}/key.pem";
environmentFile = config.sops.secrets."matrix/registration".path;
settings = {
global = {
private_key = config.sops.secrets."matrix/private_key".path;
server_name = "matrix.${config.domainName}";
};
};
};
users.users.matrix.isNormalUser = true;
systemd.services.dendrite.serviceConfig.User = "matrix";
sops.secrets."matrix/registration" = { owner = "matrix"; };
sops.secrets."matrix/private_key" = { owner = "matrix"; };
systemd.services.dendrite.serviceConfig.Group = "nginx";
security.acme.certs."${config.domainName}".extraDomainNames = [ config.services.dendrite.settings.global.server_name ];
services.nginx.virtualHosts.${config.services.dendrite.settings.global.server_name} = {
useACMEHost = config.domainName;
addSSL = true;
locations."/".proxyPass = "https://localhost:${toString config.services.dendrite.httpsPort}";
locations."/.well-known/matrix/server".extraConfig =
let inherit (config.services.dendrite) httpsPort settings;
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{"m.server":"${settings.global.server_name}:${toString httpsPort}"}';
'';
};
# reachability via ip required for federation
networking.firewall.allowedTCPPorts = [ config.services.dendrite.httpsPort ];
}