matrix: add element, fix ldap login

2023-03-25 16:05:30 +01:00 · 2023-03-25 16:05:30 +01:00 · fc56e5ff3e
parent 8cfdf8124e
commit fc56e5ff3e
1 changed files with 12 additions and 4 deletions
--- a/hosts/matrix/default.nix
+++ b/hosts/matrix/default.nix
@ -1,4 +1,4 @@
-{ config, libS, pkgs, ... }:
+{ config, lib, libS, pkgs, ... }:

 {
  c3d2.deployment.server = "server10";
@ -12,6 +12,10 @@
  services = {
    matrix-synapse = {
      enable = true;
+      element-web = {
+        enable = true;
+        domain = "element.c3d2.de";
+      };
      extraConfigFiles = [
        config.sops.secrets."matrix-synapse/config".path
      ];
@ -22,7 +26,6 @@
      settings = {
        admin_contact = "mailto:mail@c3d2.de";
        email = {
-          client_base_url = "https://element.c3d2.de/";
          enable_notifs = true;
          notif_for_new_users = false;
          notif_from = "Your Friendly %(app)s homeserver <matrix@c3d2.de>";
@ -55,7 +58,6 @@
        serve_server_wellknown = true;
        url_preview_enabled = true;
        user_ips_max_age = "7d";
-        web_client_location = "https://element.c3d2.de";
      };
    };

@ -64,15 +66,21 @@
      virtualHosts."matrix.c3d2.de" = {
        forceSSL = true;
        enableACME = true;
-        locations."/".proxyPass = "http://localhost:8008";
+        locations = {
+          "/".proxyPass = "http://127.0.0.1:8008";
+          "^~ /_synapse/admin/".return = "403";
+        };
      };
    };

+    portunus.addToHosts = true;
+
    postgresql = {
      enable = true;
      ensureUsers = [{
        name = "matrix-synapse";
      }];
+      # TODO: move into nixos-modules?
      initialScript = pkgs.writeText "synapse-init.sql" ''
        CREATE ROLE "matrix-synapse" WITH LOGIN;
        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"