diff --git a/configuration.nix b/configuration.nix
index e02020a..aa709a8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -104,6 +104,7 @@
 ./modules/devops.nix
 ./modules/monitoring.nix
 ./modules/periodic.nix
+ ./modules/communication.nix
 ];
 }
diff --git a/modules/communication.nix b/modules/communication.nix
new file mode 100644
index 0000000..45afb25
--- /dev/null
+++ b/modules/communication.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+
+{
+ # Matrix server configuration
+ services.matrix-synapse = {
+ enable = true;
+ server_name = "coolneng.duckdns.org";
+ listeners = [{
+ port = 8008;
+ tls = false;
+ resources = [{
+ compress = true;
+ names = [ "client" "webclient" "federation" ];
+ }];
+ x_forwarded = true;
+ }];
+ };
+
+ # Telegram bridge for Matrix
+ services.mautrix-telegram = {
+ enable = false;
+ environmentFile = /var/lib/mautrix-telegram/telegram.env;
+ settings = {
+ homeserver = {
+ address = "https://matrix.coolneng.duckdns.org";
+ domain = "coolneng.duckdns.org";
+ };
+ appservice = {
+ provisioning.enabled = false;
+ id = "telegram";
+ public = {
+ enabled = true;
+ prefix = "/public";
+ external = "https://matrix.coolneng.duckdns.org/public";
+ };
+ };
+ bridge = {
+ relaybot.authless_portals = false;
+ permissions = { "@admin:matrix.coolneng.duckdns.org" = "admin"; };
+ };
+ };
+ serviceDependencies = [ "matrix-synapse.service" ];
+ };
+}
diff --git a/modules/networking.nix b/modules/networking.nix
index d3a3bf6..321f634 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -34,6 +34,7 @@ in {
 80 # HTTP
 443 # HTTPS
 53 # DNS
+ 8448 # Matrix federation
 ];
 allowedUDPPorts = [
 1194 # Wireguard
diff --git a/modules/webstack.nix b/modules/webstack.nix
index 7c53352..79f7cd5 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
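Review bot: The bridge admin grant `permissions = { "@admin:matrix.coolneng.duckdns.org" = "admin"; };` uses the wrong MXID domain: Synapse is configured with `server_name = "coolneng.duckdns.org"` (and `homeserver.domain` in the same file agrees), so local users are `@user:coolneng.duckdns.org` and this entry can never match anyone; it should read `permissions = { "@admin:coolneng.duckdns.org" = "admin"; };`. Separately, `environmentFile = /var/lib/mautrix-telegram/telegram.env;` is a Nix path literal rather than a string; once the bridge is enabled and that value is interpolated into the systemd unit, Nix will copy the secrets file into the world-readable store, so it should be `environmentFile = "/var/lib/mautrix-telegram/telegram.env";`. Neither bites yet because the service is `enable = false`, but both will the day it is flipped on. `appservice.public` also advertises `https://matrix.coolneng.duckdns.org/public`, while the matrix vhost added elsewhere in this commit proxies `/` to Synapse only, so that URL presumably never reaches the bridge unless a dedicated location is added.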
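Review bot: Opening TCP `8448` is redundant with the `well-known/matrix/server` file added in this same commit, which delegates federation to `matrix.coolneng.duckdns.org:443`; remote homeservers that honour `.well-known` will use 443, and 8448 only serves the SRV/legacy fallback path. If that fallback is not wanted, this line and the matching nginx `listen` on 8448 can be dropped to keep the exposed surface to 80/443; if it is kept, note it is reachable from any source, same as 443. The `allowedTCPPorts` list and the enclosing `in {` block start outside the hunk.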
@@ -59,6 +59,7 @@
 extraConfig = "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
 };
+ locations."/.well-known/".alias = "${../well-known}" + "/";
 };
 "radicale.coolneng.duckdns.org" = {
 enableACME = true;
@@ -86,6 +87,37 @@
 forceSSL = true;
 locations."/" = { proxyPass = "http://localhost:8080/"; };
 };
+ "matrix.coolneng.duckdns.org" = {
+ enableACME = true;
+ forceSSL = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ ];
+ locations."/" = { proxyPass = "http://localhost:8008/"; };
+ };
+ "element.coolneng.duckdns.org" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ root = pkgs.element-web.override {
+ conf = {
+ default_server_config."m.homeserver" = {
+ "base_url" = "https://matrix.coolneng.duckdns.org";
+ "server_name" = "coolneng.duckdns.org";
+ };
+ };
+ };
+ };
+ };
 };
 };
@@ -100,6 +132,8 @@
 "sync.coolneng.duckdns.org"
 "git.coolneng.duckdns.org"
 "rss.coolneng.duckdns.org"
+ "matrix.coolneng.duckdns.org"
+ "element.coolneng.duckdns.org"
 ];
 };
 };
@@ -133,9 +167,6 @@
 host all all 127.0.0.1/32 trust
 host all all ::1/128 trust
 '';
- identMap = ''
- gitea-users gitea gitea
- '';
 };
 # PostgreSQL daily backups
@@ -162,5 +193,7 @@
 "syncthing.service"
 "miniflux.service"
 "radicale.service"
+ "matrix-synapse.service"
+ "element.service"
 ];
 }
diff --git a/well-known/matrix/server b/well-known/matrix/server
new file mode 100644
index 0000000..e3f2a32
--- /dev/null
+++ b/well-known/matrix/server
@@ -0,0 +1 @@
+{ "m.server": "matrix.coolneng.duckdns.org:443" }
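Review bot: `locations."/.well-known/".alias = "${../well-known}" + "/";` serves the extension-less `matrix/server` file straight from the store directory, so nginx sends it with its default MIME type (`application/octet-stream`) rather than as JSON; adding `locations."/.well-known/".extraConfig = "default_type application/json;";` avoids relying on every remote homeserver ignoring the Content-Type, and `add_header Access-Control-Allow-Origin *;` will be needed there too if a `matrix/client` file is added later for web clients. The `/.well-known/acme-challenge` location that NixOS adds for `enableACME` is a longer prefix and should still take precedence over this one, but that is worth confirming on the first renewal after deploy. The virtualHost this location belongs to starts outside the hunk.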
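Review bot: `locations."/" = { proxyPass = "http://localhost:8008/"; };` in the new `matrix.coolneng.duckdns.org` vhost forwards every path to Synapse, including `/_synapse/admin`, on both 443 and 8448; Synapse's reverse-proxy guidance is to expose only the client and federation APIs, so the location should be narrowed to `locations."~ ^(/_matrix|/_synapse/client)".proxyPass = "http://localhost:8008";` (no trailing slash, since nginx rejects a URI part in `proxy_pass` for a regex location). The explicit `listen` list also names only `addr = "0.0.0.0"`, which replaces NixOS's default dual-stack listeners, so unlike the other vhosts this one has no IPv6 endpoint; add `[::]` entries for 443 and 8448 if IPv6 is in use. Media uploads through this proxy are presumably capped by nginx's `client_max_body_size` (NixOS defaults it to 10m) rather than by Synapse's own limit, so `client_max_body_size 50M;` in the location's `extraConfig` is worth adding. The `virtualHosts` attrset these entries belong to starts outside the hunk.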
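Review bot: `"element.service"` does not correspond to any systemd unit this commit creates: Element is served as static files through `root = pkgs.element-web.override …` in the nginx vhost, and no Element service module is enabled anywhere in the diff, so whatever consumes this list (its definition starts outside the hunk) will presumably reference a unit that does not exist. `"matrix-synapse.service"` is the correct unit name for Synapse and can stay. Either drop the Element entry or, if this list drives unit ordering, expect systemd to warn about the missing unit; the list's purpose should be confirmed against its definition.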