From d966108a140a0cfce10004caab18aa9c9b59d4e1 Mon Sep 17 00:00:00 2001 From: tzlil Date: Fri, 21 Apr 2023 19:39:45 +0300 Subject: dendrite working, federation nominal --- hosts/vps/hydrus.nix | 2 +- hosts/vps/matrix.nix | 38 +++++++++++++++++++++++++++++++------- 2 files changed, 32 insertions(+), 8 deletions(-) (limited to 'hosts') diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix index efd5383..c967fbc 100644 --- a/hosts/vps/hydrus.nix +++ b/hosts/vps/hydrus.nix @@ -43,7 +43,7 @@ security.lockKernelModules = lib.mkForce false; virtualisation.oci-containers.containers.hydrus-web = { - ports = ["8080:80"]; + ports = ["100.67.217.90:8080:80"]; image = "ghcr.io/floogulinc/hydrus-web:dev"; }; diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix index c2f4c5b..70d6c81 100644 --- a/hosts/vps/matrix.nix +++ b/hosts/vps/matrix.nix @@ -1,6 +1,7 @@ { pkgs, config, + lib, ... }: { config = { @@ -26,7 +27,7 @@ # networking.firewall.allowedTCPPorts = [80 443]; age.secrets.matrix = { - file = ../secrets/matrix.age; + file = ../../secrets/matrix.age; mode = "600"; owner = "root"; group = "root"; @@ -41,16 +42,18 @@ in { enable = true; - tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt"; - tlsKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key"; + loadCredential = ["private_key:${config.age.secrets.matrix.path}" "tlsCert:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt" "tlsKey:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.key"]; - httpPort = null; - httpsPort = 8448; - loadCredential = ["private_key:${config.age.secrets.matrix.path}"]; + # tlsCert = "$CREDENTIALS_DIRECTORY/tlsCert"; + # tlsKey = "$CREDENTIALS_DIRECTORY/tlsKey"; + + # httpPort = null; + # httpsPort = 8448; settings = { global = { + server_name = "tzlil.net"; private_key = "$CREDENTIALS_DIRECTORY/private_key"; # preserve across restarts @@ -97,8 +100,16 @@ }; }; + systemd.services.dendrite.serviceConfig.ExecStart = lib.mkForce (lib.strings.concatStringsSep " " ([ + "${pkgs.dendrite}/bin/dendrite-monolith-server" + "--config /run/dendrite/dendrite.yaml" + "--http-bind-address :8008" + "--https-bind-address :8448" + "--tls-cert $CREDENTIALS_DIRECTORY/tlsCert" + "--tls-key $CREDENTIALS_DIRECTORY/tlsKey"])); + services.postgresql = { - package = pkgs.postgresql_11; + enable = true; ensureUsers = [ { name = "dendrite"; @@ -130,6 +141,19 @@ systemd.services.dendrite.after = ["postgresql.service"]; + + services.caddy = { + virtualHosts."tzlil.net:8448".extraConfig = '' + reverse_proxy /_matrix/* localhost:8008 + + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + respond /.well-known/matrix/server `{"m.server": "tzlil.net"}` + ''; + virtualHosts."tzlil.net".extraConfig = '' + reverse_proxy /_matrix/* localhost:8008 + ''; + }; networking.firewall.allowedTCPPorts = [8448]; }; } -- cgit 1.4.1