authortzlil <tzlils@protonmail.com>2023-07-30 13:19:39 +0300
committertzlil <tzlils@protonmail.com>2023-07-30 13:19:39 +0300
commitf72f22b250ecf22657ffc9e6082086377031ea8a (patch)
treece0f397e0933118b64bc58fab5463968d27fd0df /hosts/vps/matrix.nix
parent22743d455ebb1f44f07b429a2b82045ca5b1d3ac (diff)
clean up a bit
Diffstat (limited to 'hosts/vps/matrix.nix')
-rw-r--r--hosts/vps/matrix.nix159
1 files changed, 0 insertions, 159 deletions
diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix
deleted file mode 100644
index e2aa1a5..0000000
--- a/hosts/vps/matrix.nix
+++ /dev/null
@@ -1,159 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
-  config = {
-    # services.matrix-synapse = {
-    #   enable = true;
-    #   settings.server_name = config.networking.domain;
-    #   settings.listeners = [
-    #     {
-    #       port = 8008;
-    #       bind_addresses = ["::1"];
-    #       type = "http";
-    #       tls = false;
-    #       x_forwarded = true;
-    #       resources = [
-    #         {
-    #           names = ["client" "federation"];
-    #           compress = true;
-    #         }
-    #       ];
-    #     }
-    #   ];
-    # };
-    # networking.firewall.allowedTCPPorts = [80 443];
-
-    age.secrets.matrix = {
-      file = ../../secrets/matrix.age;
-      mode = "600";
-      owner = "root";
-      group = "root";
-    };
-
-    services.dendrite = let
-      database_config = {
-        connection_string = "postgresql:///dendrite?host=/run/postgresql";
-        max_open_conns = 10;
-        max_idle_conns = 5;
-      };
-    in {
-      enable = true;
-
-      loadCredential = ["private_key:${config.age.secrets.matrix.path}" "tlsCert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt" "tlsKey:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key"];
-
-      # tlsCert = "$CREDENTIALS_DIRECTORY/tlsCert";
-      # tlsKey = "$CREDENTIALS_DIRECTORY/tlsKey";
-
-      # httpPort = null;
-      # httpsPort = 8448;
-
-      settings = {
-        global = {
-          server_name = "tzlil.net";
-          private_key = "$CREDENTIALS_DIRECTORY/private_key";
-
-          # preserve across restarts
-          jetstream.storage_path = "/var/lib/dendrite/";
-
-          dns_cache = {
-            enabled = true;
-            cache_size = 4096;
-            cache_lifetime = "600s";
-          };
-
-          presence = {
-            enable_inbound = true;
-            enable_outbound = true;
-          };
-
-          cache.max_size_estimated = "16gb";
-        };
-        federation_api.key_perspectives = [
-          {
-            server_name = "matrix.org";
-            keys = [
-              {
-                key_id = "ed25519:auto";
-                public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
-              }
-              {
-                key_id = "ed25519:a_RXGa";
-                public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
-              }
-            ];
-          }
-        ];
-
-        app_service_api.database = database_config;
-        federation_api.database = database_config;
-        key_server.database = database_config;
-        media_api.database = database_config;
-        mscs.database = database_config;
-        room_server.database = database_config;
-        sync_api.database = database_config;
-        user_api.account_database = database_config;
-        user_api.device_database = database_config;
-      };
-    };
-
-    systemd.services.dendrite.serviceConfig.ExecStart = lib.mkForce (lib.strings.concatStringsSep " " [
-      "${pkgs.dendrite}/bin/dendrite"
-      "--config /run/dendrite/dendrite.yaml"
-      "--http-bind-address :8008"
-      "--https-bind-address :8448"
-      "--tls-cert $CREDENTIALS_DIRECTORY/tlsCert"
-      "--tls-key $CREDENTIALS_DIRECTORY/tlsKey"
-    ]);
-
-    services.postgresql = {
-      enable = true;
-      ensureUsers = [
-        {
-          name = "dendrite";
-          ensurePermissions = {
-            "DATABASE dendrite" = "ALL PRIVILEGES";
-          };
-        }
-      ];
-
-      ensureDatabases = ["dendrite"];
-    };
-
-    # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
-    # systemd.services.dendrite.serviceConfig.User = "dendrite";
-    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
-    environment.persistence."/nix/persist".directories = [
-      {
-        directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
-        user = "postgres";
-        group = "postgres";
-      }
-
-      {
-        directory = "/var/lib/private/dendrite";
-        user = "root";
-        group = "root";
-      }
-    ];
-
-    systemd.services.dendrite.after = ["postgresql.service"];
-
-    services.caddy = {
-      # for federation
-      virtualHosts."tzlil.net:8448".extraConfig = ''
-        reverse_proxy /_matrix/* localhost:8008
-      '';
-      # for clients
-      virtualHosts."tzlil.net".extraConfig = ''
-        reverse_proxy /_matrix/* localhost:8008
-        header /.well-known/matrix/* Content-Type application/json
-        header /.well-known/matrix/* Access-Control-Allow-Origin *
-        respond /.well-known/matrix/server `{"m.server": "tzlil.net"}`
-      '';
-    };
-    networking.firewall.allowedTCPPorts = [8448];
-  };
-}