dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/middleman: Working Matrix

Browse Source
This commit is contained in:
Jack O'Sullivan 2022-06-11 01:20:32 +01:00
parent ffdff3d403
commit 106698b53e
5 changed files with 65 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/boxes/colony/vms/estuary/default.nix
View File

@ -154,6 +154,10 @@
port = "https"; port = "https";
dst = allAssignments.middleman.internal.ipv4.address + ":https"; dst = allAssignments.middleman.internal.ipv4.address + ":https";
} }
{
port = 8448;
dst = allAssignments.middleman.internal.ipv4.address + ":8448";
}
]; ];
}; };
extraRules = extraRules =
@ -170,7 +174,7 @@
# Safe enough to allow all SSH # Safe enough to allow all SSH
tcp dport ssh accept tcp dport ssh accept
${matchInet "tcp dport { http, https } accept" "middleman"} ${matchInet "tcp dport { http, https, 8448 } accept" "middleman"}
return return
} }

4
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
View File

@ -58,6 +58,8 @@
listeners = [ listeners = [
{ {
# Covers both IPv4 and IPv6
bind_addresses = [ "::" ];
port = 8008; port = 8008;
type = "http"; type = "http";
tls = false; tls = false;
@ -70,8 +72,8 @@
]; ];
} }
{ {
port = 9000;
bind_addresses = [ "127.0.0.1" "::1" ]; bind_addresses = [ "127.0.0.1" "::1" ];
port = 9000;
type = "manhole"; type = "manhole";
# The NixOS module has defaults for these that we need to override since they don't make sense here # The NixOS module has defaults for these that we need to override since they don't make sense here

2
nixos/boxes/colony/vms/shill/containers/middleman/default.nix
View File

@ -49,7 +49,7 @@
}; };
firewall = { firewall = {
tcp.allowed = [ "http" "https" ]; tcp.allowed = [ "http" "https" 8448 ];
}; };
}; };

59
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@ -1,7 +1,37 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
let let
inherit (builtins) mapAttrs; inherit (builtins) mapAttrs toJSON;
inherit (lib) mkMerge mkDefault genAttrs; inherit (lib) mkMerge mkDefault genAttrs flatten;
dualStackListen' = l: map (addr: l // { inherit addr; }) [ "0.0.0.0" "[::]" ];
dualStackListen = ll: flatten (map dualStackListen' ll);
mkWellKnown = type: content: pkgs.writeTextFile {
name = "well-known-${type}";
destination = "/${type}";
text = content;
};
wellKnownRoot = pkgs.symlinkJoin {
name = "http-wellknown";
paths = [
# For federation
(mkWellKnown "matrix/server" (toJSON {
"m.server" = "matrix.nul.ie:443";
}))
# For clients
(mkWellKnown "matrix/client" (toJSON {
"m.homeserver".base_url = "https://matrix.nul.ie";
}))
];
};
wellKnown = {
"/.well-known/" = {
alias = "${wellKnownRoot}/";
extraConfig = ''
autoindex on;
'';
};
};
in in
{ {
services.nginx.virtualHosts = services.nginx.virtualHosts =
@ -11,6 +41,10 @@ in
default = true; default = true;
forceSSL = true; forceSSL = true;
onlySSL = false; onlySSL = false;
locations = mkMerge [
{ }
wellKnown
];
}; };
"pass.nul.ie" = "pass.nul.ie" =
@ -30,9 +64,28 @@ in
}; };
"matrix.nul.ie" = { "matrix.nul.ie" = {
globalRedirect = "element.nul.ie"; listen = dualStackListen [
{
port = 443;
ssl = true;
}
{
# Matrix federation
port = 8448;
ssl = true;
extraParameters = [ "default_server" ];
}
];
locations = mkMerge [
{
"/".proxyPass = "http://chatterbox-ctr.${config.networking.domain}:8008";
"= /".return = "301 https://element.nul.ie";
}
wellKnown
];
useACMEHost = lib.my.pubDomain; useACMEHost = lib.my.pubDomain;
}; };
"element.nul.ie" = "element.nul.ie" =
let let
headers = '' headers = ''

BIN
secrets/synapse.yaml.age
View File

Binary file not shown.