nixos/middleman: Working Matrix
		| @@ -154,6 +154,10 @@ | ||||
|                       port = "https"; | ||||
|                       dst = allAssignments.middleman.internal.ipv4.address + ":https"; | ||||
|                     } | ||||
|                     { | ||||
|                       port = 8448; | ||||
|                       dst = allAssignments.middleman.internal.ipv4.address + ":8448"; | ||||
|                     } | ||||
|                   ]; | ||||
|                 }; | ||||
|                 extraRules = | ||||
| @@ -170,7 +174,7 @@ | ||||
|                       # Safe enough to allow all SSH | ||||
|                       tcp dport ssh accept | ||||
|  | ||||
|                       ${matchInet "tcp dport { http, https } accept" "middleman"} | ||||
|                       ${matchInet "tcp dport { http, https, 8448 } accept" "middleman"} | ||||
|  | ||||
|                       return | ||||
|                     } | ||||
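Review bot: The new DNAT entry at `port = 8448;` in the first hunk carries no comment, unlike the nginx listen block elsewhere in this commit that labels the same port `# Matrix federation`; the same applies to the bare `8448` added to `tcp.allowed` in the firewall hunk later on this page. A one-line `# Matrix federation (Synapse behind nginx on middleman)` above each would tie the three places together, since the port is a numeric literal rather than a service name like `https` and a reader cannot tell from the rule alone why it is being opened. The destination port is also duplicated as the literal `":8448"`; a shared binding for the port would keep the forward rule, the nftables accept and the firewall allow-list from drifting apart. Both hunks cut the enclosing attribute set, so its start and end are outside this view.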
|   | ||||
| @@ -58,6 +58,8 @@ | ||||
|  | ||||
|                 listeners = [ | ||||
|                   { | ||||
|                     # Covers both IPv4 and IPv6 | ||||
|                     bind_addresses = [ "::" ]; | ||||
|                     port = 8008; | ||||
|                     type = "http"; | ||||
|                     tls = false; | ||||
| @@ -70,8 +72,8 @@ | ||||
|                     ]; | ||||
|                   } | ||||
|                   { | ||||
|                     port = 9000; | ||||
|                     bind_addresses = [ "127.0.0.1" "::1" ]; | ||||
|                     port = 9000; | ||||
|                     type = "manhole"; | ||||
|  | ||||
|                     # The NixOS module has defaults for these that we need to override since they don't make sense here | ||||
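Review bot: The `bind_addresses = [ "::" ];` added to the 8008 listener makes the plaintext (`tls = false`) HTTP listener reachable on every address of the container, and nothing in the hunk records what limits who can reach it. If the intent is that only the nginx proxy on middleman talks to 8008, a comment stating that and naming the firewall rule that enforces it would make the choice reviewable, e.g. `# Plaintext is acceptable: TLS is terminated by nginx on middleman, and the firewall only admits 8008 from there`. Binding the manhole to `127.0.0.1`/`::1` in the second hunk is the right scope for it. Both hunks cut the `listeners` list, so the surrounding entries are outside this view.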
|   | ||||
| @@ -49,7 +49,7 @@ | ||||
|             }; | ||||
|  | ||||
|             firewall = { | ||||
|               tcp.allowed = [ "http" "https" ]; | ||||
|               tcp.allowed = [ "http" "https" 8448 ]; | ||||
|             }; | ||||
|           }; | ||||
|  | ||||
|   | ||||
| @@ -1,7 +1,37 @@ | ||||
| { lib, pkgs, config, ... }: | ||||
| let | ||||
|   inherit (builtins) mapAttrs; | ||||
|   inherit (lib) mkMerge mkDefault genAttrs; | ||||
|   inherit (builtins) mapAttrs toJSON; | ||||
|   inherit (lib) mkMerge mkDefault genAttrs flatten; | ||||
|  | ||||
|   dualStackListen' = l: map (addr: l // { inherit addr; }) [ "0.0.0.0" "[::]" ]; | ||||
|   dualStackListen = ll: flatten (map dualStackListen' ll); | ||||
|  | ||||
|   mkWellKnown = type: content: pkgs.writeTextFile { | ||||
|     name = "well-known-${type}"; | ||||
|     destination = "/${type}"; | ||||
|     text = content; | ||||
|   }; | ||||
|   wellKnownRoot = pkgs.symlinkJoin { | ||||
|     name = "http-wellknown"; | ||||
|     paths = [ | ||||
|       # For federation | ||||
|       (mkWellKnown "matrix/server" (toJSON { | ||||
|         "m.server" = "matrix.nul.ie:443"; | ||||
|       })) | ||||
|       # For clients | ||||
|       (mkWellKnown "matrix/client" (toJSON { | ||||
|         "m.homeserver".base_url = "https://matrix.nul.ie"; | ||||
|       })) | ||||
|     ]; | ||||
|   }; | ||||
|   wellKnown = { | ||||
|     "/.well-known/" = { | ||||
|       alias = "${wellKnownRoot}/"; | ||||
|       extraConfig = '' | ||||
|         autoindex on; | ||||
|       ''; | ||||
|     }; | ||||
|   }; | ||||
| in | ||||
| { | ||||
|   services.nginx.virtualHosts = | ||||
| @@ -11,6 +41,10 @@ in | ||||
|         default = true; | ||||
|         forceSSL = true; | ||||
|         onlySSL = false; | ||||
|         locations = mkMerge [ | ||||
|           { } | ||||
|           wellKnown | ||||
|         ]; | ||||
|       }; | ||||
|  | ||||
|       "pass.nul.ie" = | ||||
| @@ -30,9 +64,28 @@ in | ||||
|       }; | ||||
|  | ||||
|       "matrix.nul.ie" = { | ||||
|         globalRedirect = "element.nul.ie"; | ||||
|         listen = dualStackListen [ | ||||
|           { | ||||
|             port = 443; | ||||
|             ssl = true; | ||||
|           } | ||||
|           { | ||||
|             # Matrix federation | ||||
|             port = 8448; | ||||
|             ssl = true; | ||||
|             extraParameters = [ "default_server" ]; | ||||
|           } | ||||
|         ]; | ||||
|         locations = mkMerge [ | ||||
|           { | ||||
|             "/".proxyPass = "http://chatterbox-ctr.${config.networking.domain}:8008"; | ||||
|             "= /".return = "301 https://element.nul.ie"; | ||||
|           } | ||||
|           wellKnown | ||||
|         ]; | ||||
|         useACMEHost = lib.my.pubDomain; | ||||
|       }; | ||||
|  | ||||
|       "element.nul.ie" = | ||||
|       let | ||||
|         headers = '' | ||||
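Review bot: The `"/".proxyPass` location for matrix.nul.ie hands requests to Synapse on plaintext 8008 with nothing visible here that forwards the client address or scheme, so unless `recommendedProxySettings` is enabled elsewhere in the nginx config, Synapse's per-IP rate limiting and request logging will see the proxy's address instead of the client's; the 8008 listener in the chatterbox hunk would also need `x_forwarded = true` for a forwarded header to be honoured. If the global setting is already on, a comment on the location saying so (`# X-Forwarded-For/Proto come from recommendedProxySettings; the Synapse listener sets x_forwarded = true`) would save the next reader checking. Media uploads through `/` are also capped by nginx's default `client_max_body_size` of 1m unless it is raised for this vhost. Separately, `autoindex on;` in the `/.well-known/` location at the top of the file publishes a listing of the symlink-joined directory; clients and federating servers only fetch the two fixed paths, so dropping it keeps the exposed surface to exactly those files.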
|   | ||||
										
											Binary file not shown.
										
									
								
							