nixos/services/matrix/default.nix


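# NixOS module: a Matrix Synapse homeserver backed by a local PostgreSQL
# instance and published through Traefik (see ../traefik/default.nix).
{ pkgs, ... }:
let
  # Public hostname of the homeserver. Reused for Synapse's server_name and
  # public_baseurl and for the Traefik Host rule so the three cannot drift apart.
  baseUrl = "matrix.xenia.me.uk";
  # Loopback port Synapse listens on; Traefik forwards to the same port.
  port = 8008;
in {
  imports = [ ../traefik/default.nix ];

  services = {
    postgresql = {
      enable = true;
      # Executed only on the first startup of the PostgreSQL cluster.
      # NOTE(security): pkgs.writeText puts this script, including the role
      # password, into the world-readable Nix store. No database password is
      # configured for Synapse in this module, so it presumably connects over
      # the local socket with peer authentication; if that is confirmed, the
      # PASSWORD clause is unused and can be dropped. Otherwise set the
      # password from a secret kept outside the store.
      initialScript = pkgs.writeText "synapse-init.sql" ''
        CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
        TEMPLATE template0
        LC_COLLATE = "C"
        LC_CTYPE = "C";
      '';
    };

    matrix-synapse = {
      enable = true;
      # server_name is a bare domain (optionally with a port), not a URL: it
      # becomes part of every user and room ID and cannot be changed once the
      # database has been populated.
      settings.server_name = baseUrl;
      # URL clients use to reach this homeserver. Any `base_url` advertised to
      # clients (for example via /.well-known/matrix/client) must match it,
      # otherwise client applications run into mismatched domain names.
      settings.public_baseurl = "https://${baseUrl}";
      settings.listeners = [{
        # Loopback only: the listener is reachable solely through the local
        # reverse proxy, which is what makes `tls = false` and
        # `x_forwarded = true` acceptable here.
        bind_addresses = [ "127.0.0.1" ];
        inherit port;
        type = "http";
        # TLS is terminated by Traefik.
        tls = false;
        # Take the client address from X-Forwarded-For as set by the proxy.
        x_forwarded = true;
        resources = [{
          names = [ "client" "federation" ];
          compress = true;
        }];
      }];
    };

    traefik = {
      staticConfigOptions.entryPoints.synapse-federation.address = ":8448";
      dynamicConfigOptions.http = {
        routers = {
          # NOTE(review): with `tls` set, Traefik matches this router for TLS
          # requests only; plain-HTTP requests arriving on the "http" entry
          # point presumably rely on a redirect defined in
          # ../traefik/default.nix. Confirm.
          synapse-service = {
            rule = "Host(`${baseUrl}`)";
            entryPoints = [ "http" "https" ];
            service = "synapse-service";
            tls = { certResolver = "default"; };
          };
          # NOTE(review): the two routers on :8448 match only the
          # /.well-known/matrix/* paths and carry no Host matcher. Matrix
          # server-to-server requests use /_matrix/ paths, so federation
          # traffic on :8448 would not match either router as written.
          # Confirm the intended routing.
          synapse-federation-client = {
            # The closing backtick was missing, which made the rule unparsable.
            rule = "PathPrefix(`/.well-known/matrix/client`)";
            entryPoints = [ "synapse-federation" ];
            service = "synapse-service";
            tls = { certResolver = "default"; };
          };
          synapse-federation-server = {
            # The closing backtick was missing, which made the rule unparsable.
            rule = "PathPrefix(`/.well-known/matrix/server`)";
            entryPoints = [ "synapse-federation" ];
            service = "synapse-service";
            tls = { certResolver = "default"; };
          };
        };
        services = {
          # Same address and port the Synapse listener binds to.
          synapse-service.loadBalancer.servers =
            [{ url = "http://127.0.0.1:${toString port}"; }];
        };
      };
    };
  };
}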