From 3ec00b60f5d8fdb9f2ef14e27370c669c478c713 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan
Date: Mon, 6 Jun 2022 17:10:53 +0100
Subject: [PATCH] nixos/middleman: Add element-web

---
 .../vms/shill/containers/middleman/vhosts.nix | 51 ++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
index d36a33e..28ce388 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -1,7 +1,7 @@
 { lib, pkgs, config, ... }:
 let
 inherit (builtins) mapAttrs;
- inherit (lib) mkMerge mkDefault;
+ inherit (lib) mkMerge mkDefault genAttrs;
 in
 {
 services.nginx.virtualHosts =
@@ -28,6 +28,55 @@ in
 };
 useACMEHost = lib.my.pubDomain;
 };
+
+ "matrix.nul.ie" = {
+ globalRedirect = "element.nul.ie";
+ useACMEHost = lib.my.pubDomain;
+ };
+ "element.nul.ie" =
+ let
+ headers = ''
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Content-Security-Policy "frame-ancestors 'none'";
+ '';
+ in
+ {
+ extraConfig = ''
+ ${headers}
+ '';
+ root = pkgs.element-web.override {
+ conf = {
+ brand = "/dev/player0's Matrix";
+ showLabsSettings = true;
+ disable_guests = true;
+ default_server_config = {
+ "m.homeserver" = {
+ base_url = "https://matrix.nul.ie";
+ server_name = "nul.ie";
+ };
+ };
+ roomDirectory.servers = [
+ "nul.ie"
+ "netsoc.ie"
+ "matrix.org"
+ ];
+ };
+ };
+ locations = mkMerge [
+ { }
+ (genAttrs [ "= /index.html" "= /version" "/config" ] (_: {
+ extraConfig = ''
+ # Gotta duplicate the headers...
+ # https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
+ ${headers}
+ add_header Cache-Control "no-cache";
+ '';
+ }))
+ ];
+ useACMEHost = lib.my.pubDomain;
+ };
 };
 in
 mkMerge [
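Review bot: The `headers` string for `element.nul.ie` sends two framing policies that disagree: `X-Frame-Options SAMEORIGIN` permits same-origin framing, while `Content-Security-Policy "frame-ancestors 'none'"` forbids all framing. Browsers that implement `frame-ancestors` ignore X-Frame-Options when both are present, so the effective policy is deny-all and SAMEORIGIN only reaches older clients; I would make them agree, with either `add_header Content-Security-Policy "frame-ancestors 'self'";` or `add_header X-Frame-Options DENY;`, depending on which is intended. `X-XSS-Protection "1; mode=block"` enables a legacy XSS filter that current browsers have removed, and the usual guidance now is to omit it or send `0`. Separately, `base_url` points Element at `https://matrix.nul.ie`, which this hunk makes a `globalRedirect` to `element.nul.ie`, so unless homeserver locations for that vhost are defined outside the hunk, client API calls would appear to land on the static Element site.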