Set up Matrix and Element

coolneng 2020-12-28 18:42:26 +01:00
parent 33523cc4c6
commit 0011955907
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
5 changed files with 83 additions and 3 deletions


@ -104,6 +104,7 @@
./modules/devops.nix ./modules/devops.nix
./modules/monitoring.nix ./modules/monitoring.nix
./modules/periodic.nix ./modules/periodic.nix
./modules/communication.nix
]; ];
} }

44
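--- a/modules/communication.nix
+++ b/modules/communication.nix
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+{
+# Matrix server configuration
+services.matrix-synapse = {
+enable = true;
+server_name = "coolneng.duckdns.org";
+listeners = [{
+port = 8008;
+tls = false;
+resources = [{
+compress = true;
+names = [ "client" "webclient" "federation" ];
+}];
+x_forwarded = true;
+}];
+};
+# Telegram bridge for Matrix
+services.mautrix-telegram = {
+enable = false;
+environmentFile = /var/lib/mautrix-telegram/telegram.env;
+settings = {
+homeserver = {
+address = "https://matrix.coolneng.duckdns.org";
+domain = "coolneng.duckdns.org";
+};
+appservice = {
+provisioning.enabled = false;
+id = "telegram";
+public = {
+enabled = true;
+prefix = "/public";
+external = "https://matrix.coolneng.duckdns.org/public";
+};
+};
+bridge = {
+relaybot.authless_portals = false;
+permissions = { "@admin:matrix.coolneng.duckdns.org" = "admin"; };
+};
+};
+serviceDependencies = [ "matrix-synapse.service" ];
+};
+}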
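Review bot: The Synapse listener on port 8008 sets `tls = false` and `x_forwarded = true` but no bind address, so unless the module default is loopback it accepts plain HTTP on every interface and trusts whatever `X-Forwarded-For` value a direct client sends. nginx reaches it through `http://localhost:8008/`, so adding `bind_address = "127.0.0.1";` to the listener keeps it reachable only through the proxy. Separately, the bridge permission key `"@admin:matrix.coolneng.duckdns.org"` uses the proxy hostname while `server_name` is `coolneng.duckdns.org`, so the intended admin account is presumably `@admin:coolneng.duckdns.org`; worth correcting before the bridge is switched on.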


@ -34,6 +34,7 @@ in {
80 # HTTP 80 # HTTP
443 # HTTPS 443 # HTTPS
53 # DNS 53 # DNS
8448 # Matrix federation
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
1194 # Wireguard 1194 # Wireguard
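Review bot: Opening TCP 8448 looks unnecessary, because the `well-known/matrix/server` file added in this commit delegates federation to `matrix.coolneng.duckdns.org:443`, and 443 is already allowed. If 8448 is meant as a fallback, remote servers would connect to it expecting a certificate for `coolneng.duckdns.org`, while the only vhost shown listening there is `matrix.coolneng.duckdns.org`, so validation would likely fail anyway. I would drop the `8448 # Matrix federation` entry together with the matching nginx listener, or add a comment stating why the port is kept. The port list starts and ends outside the hunk.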


@ -59,6 +59,7 @@
extraConfig = extraConfig =
"rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;"; "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
}; };
locations."/.well-known/".alias = "${../well-known}" + "/";
}; };
"radicale.coolneng.duckdns.org" = { "radicale.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
@ -86,6 +87,37 @@
forceSSL = true; forceSSL = true;
locations."/" = { proxyPass = "http://localhost:8080/"; }; locations."/" = { proxyPass = "http://localhost:8080/"; };
}; };
"matrix.coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
listen = [
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations."/" = { proxyPass = "http://localhost:8008/"; };
};
"element.coolneng.duckdns.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = pkgs.element-web.override {
conf = {
default_server_config."m.homeserver" = {
"base_url" = "https://matrix.coolneng.duckdns.org";
"server_name" = "coolneng.duckdns.org";
};
};
};
};
};
}; };
}; };
@ -100,6 +132,8 @@
"sync.coolneng.duckdns.org" "sync.coolneng.duckdns.org"
"git.coolneng.duckdns.org" "git.coolneng.duckdns.org"
"rss.coolneng.duckdns.org" "rss.coolneng.duckdns.org"
"matrix.coolneng.duckdns.org"
"element.coolneng.duckdns.org"
]; ];
}; };
}; };
@ -133,9 +167,6 @@
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 trust
host all all ::1/128 trust host all all ::1/128 trust
''; '';
identMap = ''
gitea-users gitea gitea
'';
}; };
# PostgreSQL daily backups # PostgreSQL daily backups
@ -162,5 +193,7 @@
"syncthing.service" "syncthing.service"
"miniflux.service" "miniflux.service"
"radicale.service" "radicale.service"
"matrix-synapse.service"
"element.service"
]; ];
} }
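Review bot: The `matrix.coolneng.duckdns.org` vhost proxies all of `/` to Synapse, which publishes every path the listener serves, including the `/_synapse/admin` API that Synapse exposes alongside the `client` resource. Limiting the proxy to the public prefixes keeps the admin API reachable only from the host itself: `locations."/_matrix".proxyPass = "http://localhost:8008";` and `locations."/_synapse/client".proxyPass = "http://localhost:8008";` in place of the `locations."/"` line. In the last hunk, `element.service` is added to the unit list although Element is served as static files by nginx and no unit of that name is defined on this page, so that entry probably refers to nothing.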

1
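--- a/well-known/matrix/server
+++ b/well-known/matrix/server
@@ -0,0 +1 @@
+{ "m.server": "matrix.coolneng.duckdns.org:443" }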