Diffstat (limited to 'hosts')
-rw-r--r--hosts/vps/hydrus.nix2
-rw-r--r--hosts/vps/matrix.nix38
2 files changed, 32 insertions, 8 deletions
diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix
index efd5383..c967fbc 100644
--- a/hosts/vps/hydrus.nix
+++ b/hosts/vps/hydrus.nix
@@ -43,7 +43,7 @@
 
     security.lockKernelModules = lib.mkForce false;
     virtualisation.oci-containers.containers.hydrus-web = {
-      ports = ["8080:80"];
+      ports = ["100.67.217.90:8080:80"];
       image = "ghcr.io/floogulinc/hydrus-web:dev";
     };
 
diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix
index c2f4c5b..70d6c81 100644
--- a/hosts/vps/matrix.nix
+++ b/hosts/vps/matrix.nix
@@ -1,6 +1,7 @@
 {
   pkgs,
   config,
+  lib,
   ...
 }: {
   config = {
@@ -26,7 +27,7 @@
     # networking.firewall.allowedTCPPorts = [80 443];
 
     age.secrets.matrix = {
-        file = ../secrets/matrix.age;
+        file = ../../secrets/matrix.age;
         mode = "600";
         owner = "root";
         group = "root";
@@ -41,16 +42,18 @@
     in {
       enable = true;
 
-      tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt";
-      tlsKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key";
+      loadCredential = ["private_key:${config.age.secrets.matrix.path}" "tlsCert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt" "tlsKey:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key"];
 
-      httpPort = null;
-      httpsPort = 8448;
 
-      loadCredential = ["private_key:${config.age.secrets.matrix.path}"];
+      # tlsCert = "$CREDENTIALS_DIRECTORY/tlsCert";
+      # tlsKey = "$CREDENTIALS_DIRECTORY/tlsKey";
+
+      # httpPort = null;
+      # httpsPort = 8448;
 
       settings = {
         global = {
+          server_name = "tzlil.net";
           private_key = "$CREDENTIALS_DIRECTORY/private_key";
 
           # preserve across restarts
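Review bot: The `tlsCert`/`tlsKey` entries added to the `loadCredential` line are copied out of Caddy's ACME storage when the dendrite service starts, so a certificate that Caddy later renews is not seen by dendrite until the service is restarted; without a restart trigger or timer the federation listener would eventually serve an expired certificate, or Caddy could be left as the sole TLS terminator instead. The now commented-out `tlsCert`, `tlsKey`, `httpPort` and `httpsPort` lines are superseded by the `ExecStart` override later in this diff and would be clearer deleted than kept as comments. The single very long `loadCredential` list would also read better one entry per line, with a comment such as `# cert/key are snapshotted at service start; restart dendrite after Caddy renews` next to it.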
@@ -97,8 +100,16 @@
       };
     };
 
+    systemd.services.dendrite.serviceConfig.ExecStart = lib.mkForce (lib.strings.concatStringsSep " " ([
+          "${pkgs.dendrite}/bin/dendrite-monolith-server"
+          "--config /run/dendrite/dendrite.yaml"
+          "--http-bind-address :8008"
+          "--https-bind-address :8448"
+          "--tls-cert $CREDENTIALS_DIRECTORY/tlsCert"
+          "--tls-key $CREDENTIALS_DIRECTORY/tlsKey"]));
+
     services.postgresql = {
-      package = pkgs.postgresql_11;
+      enable = true;
       ensureUsers = [
         {
           name = "dendrite";
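Review bot: Replacing `package = pkgs.postgresql_11;` with `enable = true;` leaves `services.postgresql.package` at the module default, and a data directory initialised by PostgreSQL 11 will not start under a different major version; if this host already holds dendrite data, keep the pin next to `enable = true` or plan an upgrade of the data directory first — whether data exists is not visible from this hunk. In the `ExecStart` override, `"--http-bind-address :8008"` listens on every interface although the Caddy configuration in this diff reaches it via `localhost:8008`; `"--http-bind-address 127.0.0.1:8008"` keeps the plaintext client port off external interfaces regardless of firewall state. Because `lib.mkForce` replaces the module's command line wholesale (the config path is hard-coded to `/run/dendrite/dendrite.yaml` here), a comment such as `# Overrides the module's ExecStart so TLS material can come from $CREDENTIALS_DIRECTORY; keep the flags in sync with the dendrite module` would explain why the override exists.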
@@ -130,6 +141,19 @@
 
     systemd.services.dendrite.after = ["postgresql.service"];
 
+
+    services.caddy = {
+      virtualHosts."tzlil.net:8448".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:8008
+
+        header /.well-known/matrix/* Content-Type application/json
+        header /.well-known/matrix/* Access-Control-Allow-Origin *
+        respond /.well-known/matrix/server `{"m.server": "tzlil.net"}`
+      '';
+      virtualHosts."tzlil.net".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:8008
+      '';
+    };
     networking.firewall.allowedTCPPorts = [8448];
   };
 }
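Review bot: The new Caddy virtual host `"tzlil.net:8448"` listens on port 8448, but the `ExecStart` override earlier in this diff also starts dendrite with `--https-bind-address :8448`, so whichever service starts second fails to bind; either drop the `--https-bind-address`/`--tls-*` flags and let Caddy terminate federation TLS (the `reverse_proxy /_matrix/* localhost:8008` line already covers that), or remove the `:8448` virtual host. The `header` and `respond` lines for `/.well-known/matrix/*` are fetched by other homeservers from the server name over HTTPS on 443, not 8448, so they belong in the `"tzlil.net"` virtual host; and since `{"m.server": "tzlil.net"}` names no port it delegates to the default 8448, which makes the file redundant unless a different port or host is intended. The firewall line opens only 8448; whether 443 is opened elsewhere is not visible in this hunk.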