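{ config, libS, pkgs, ... }:

# Matrix homeserver (Synapse) for c3d2.de, deployed as a microvm on server10.
# Public entry point is https://matrix.c3d2.de (nginx in front of synapse on
# 127.0.0.1:8008); user accounts come from LDAP; secrets are sops-managed.
{
  c3d2.deployment.server = "server10";

  microvm = {
    mem = 1 * 1024;
    vcpu = 2;
  };

  networking.hostName = "matrix";

  nixpkgs.overlays = [
    (final: prev: {
      # NOTE: using config.services.matrix-synapse.package does not work because it
      # does not override the matrix-synapse used in matrix-synapse.plugins.matrix-synapse-ldap3
      matrix-synapse = prev.matrix-synapse.overrideAttrs (_: {
        # The test suite fails and takes a good amount of time, so it is skipped.
        # NOTE(review): this also skips any regression tests shipped with the
        # package; re-enable once the failing tests are understood.
        doCheck = false;
        doInstallCheck = false;
      });
    })
  ];

  services = {
    # On-disk state of synapse (media store, signing key, ...).
    # NOTE(review): the PostgreSQL database does not live under this path; confirm
    # that services.backup dumps it elsewhere, otherwise a restore only brings back files.
    backup.paths = [ "/var/lib/matrix-synapse/" ];

    matrix-synapse = {
      enable = true;

      element-web = {
        enable = true;
        domain = "element.c3d2.de";
      };

      # Settings that must not land in the world-readable nix store (presumably SMTP
      # password, password policy, ...) live in this sops-managed config file.
      extraConfigFiles = [
        config.sops.secrets."matrix-synapse/config".path
      ];

      ldap = {
        enable = true;
        bindPasswordFile = config.sops.secrets."matrix-synapse/ldapSearchUserPassword".path;
        # Restrict logins to members of the "matrix" LDAP group.
        userFilter = config.security.ldap.groupFilter "matrix";
      };

      settings = {
        admin_contact = "mailto:mail@c3d2.de";
        email = {
          enable_notifs = true;
          notif_for_new_users = false;
          notif_from = "Your Friendly %(app)s homeserver <matrix@c3d2.de>";
          # Refuse to send mail over an unencrypted SMTP connection.
          require_transport_security = true;
          smtp_host = "mail.c3d2.de";
          smtp_user = "matrix@c3d2.de";
        };
        # No self-registration; accounts come from LDAP.
        enable_registration = false;
        # The password policy below is set in the sops extraConfigFile instead:
        # synapse does not deep-merge config files, so it cannot be split across both.
        # password_config = {
        #   policy = {
        #     enabled = true;
        #     require_digit = true;
        #     require_lowercase = true;
        #     require_symbol = true;
        #     require_uppercase = true;
        #   };
        # };
        public_baseurl = "https://matrix.c3d2.de/";
        registration_requires_token = true;
        report_stats = false;
        # Server-side message retention: events are purged after at most one year.
        retention = {
          enabled = true;
          default_policy = {
            min_lifetime = "1d";
            max_lifetime = "1y";
          };
        };
        server_name = "c3d2.de";
        serve_server_wellknown = true;
        # URL previews make synapse fetch arbitrary user-supplied URLs (SSRF surface).
        # NOTE(review): this relies on url_preview_ip_range_blacklist (NixOS module
        # default or extraConfigFiles) to keep the fetcher away from internal hosts,
        # e.g. the LDAP host added via portunus.addToHosts — confirm it is covered.
        url_preview_enabled = true;
        # Drop per-user IP / user-agent history after a week (data minimisation).
        user_ips_max_age = "7d";
      };
    };

    matterbridge = {
      enable = true;
      configPath = config.sops.secrets."matterbridge/config".path;
    };

    nginx = {
      enable = true;
      virtualHosts."matrix.c3d2.de" = {
        forceSSL = true;
        enableACME = true;
        locations = {
          "/".proxyPass = "http://127.0.0.1:8008";
          # The admin API is never exposed to the internet; use it locally via
          # 127.0.0.1:8008 instead.
          "^~ /_synapse/admin/".return = "403";
        };
      };
    };

    # Presumably resolves the portunus (LDAP) host via /etc/hosts.
    portunus.addToHosts = true;

    postgresql = {
      enable = true;
      ensureUsers = [ {
        name = "matrix-synapse";
      } ];
      # TODO: move into nixos-modules?
      # Database with C collation/ctype for synapse. The role gets no password,
      # so access relies on local socket authentication — confirm pg_hba allows nothing else.
      initialScript = pkgs.writeText "synapse-init.sql" ''
        CREATE ROLE "matrix-synapse" WITH LOGIN;
        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
          TEMPLATE template0
          LC_COLLATE = "C"
          LC_CTYPE = "C";
      '';
      package = pkgs.postgresql_15;
      upgrade.stopServices = [ "matrix-synapse" ];
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    # Each secret is readable only by the service account that needs it.
    secrets = with libS.sops; {
      "matterbridge/config" = permissionForUser "matterbridge";
      "matrix-synapse/config" = permissionForUser "matrix-synapse";
      "matrix-synapse/ldapSearchUserPassword" = permissionForUser "matrix-synapse";
      "restic/password".owner = "root";
      "restic/repository/server8".owner = "root";
    };
  };

  system.stateVersion = "22.11";
}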