nachtigall: Add nginx config for serving matrix-synapse #33

Merged
axeman merged 1 commit from feat/matrix-nginx into main 2023-10-29 12:45:35 +00:00
3 changed files with 160 additions and 0 deletions

View file

@ -0,0 +1,46 @@
{
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.test.pub.solar";
server_name = "test.pub.solar";
};
"m.identity_server" = {
base_url = "";
};
};
# TODO: Add themes
# setting_defaults = {
# custom_themes = {{ matrix_client_element_setting_defaults_custom_themes | to_json }}
# };
# default_theme = {{ matrix_client_element_default_theme | string | to_json }};
# default_country_code = {{ matrix_client_element_default_country_code | string | to_json }};
permalink_prefix = "https://matrix.to";
disable_custom_urls = true;
disable_guests = true;
brand = "Element Solar";
# TODO: Configure these
integrations_ui_url = "";
integrations_rest_url = "";
integrations_widgets_urls = "";
integrations_jitsi_widget_url = "";
bug_report_endpoint_url = "https://element.io/bugreports/submit";
show_labs_settings = true;
room_directory = {
servers = ["matrix.org"];
};
# TODO: This looks wrong
enable_presence_by_hs_url = "\n";
embedded_pages = {
homeUrl = "";
};
branding = {
auth_footer_links = [{
text = "Privacy";
url = "https://pub.solar/privacy";
}];
# FUTUREWORK: Replace with pub.solar logo
auth_header_logo_url = "themes/element/img/logos/element-logo.svg";
};
}

View file

@ -0,0 +1,113 @@
{ lib, pkgs, ... }:
let
commonHeaders = ''
add_header Permissions-Policy interest-cohort=() always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
'';
clientConfig = import ./matrix/element-client-config.nix;
wellKnownClient."m.homeserver".base_url = "https://matrix.test.pub.solar";
wellKnownServer."m.server" = "matrix.test.pub.solar:8448";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
wellKnownLocations = {
"= /.well-known/matrix/server".extraConfig = mkWellKnown wellKnownServer;
"= /.well-known/matrix/client".extraConfig = mkWellKnown wellKnownClient;
};
in
{
services.nginx.virtualHosts = {
"test.pub.solar" = {
root = "/dev/null";
forceSSL = lib.mkDefault true;
enableACME = lib.mkDefault true;
locations = wellKnownLocations;
};
"chat.test.pub.solar" = {
forceSSL = true;
enableACME = true;
root = pkgs.element-web.override {
conf = clientConfig;
};
};
"matrix.test.pub.solar" = {
root = "/dev/null";
forceSSL = lib.mkDefault true;
enableACME = lib.mkDefault true;
extraConfig = ''
server_tokens off;
gzip on;
gzip_types text/plain application/json;
'';
locations = wellKnownLocations // {
# TODO: Configure metrics
# "/metrics" = {
# };
"/c3c3f34b-29fb-5feb-86e5-98c75ec8214b" = {
proxyPass = "http://127.0.0.1:8009";
extraConfig = commonHeaders;
};
"~* ^(/_matrix|/_synapse/client|/_synapse/oidc)" = {
proxyPass = "http://127.0.0.1:8008";
extraConfig = ''
${commonHeaders}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
client_body_buffer_size 25M;
client_max_body_size 50M;
proxy_max_temp_file_size 0;
'';
};
};
};
"matrix.pub.solar-federation" = {
serverName = "matrix.test.pub.solar";
forceSSL = lib.mkDefault true;
enableACME = lib.mkDefault true;
listen = [{
port = 8448;
addr = "0.0.0.0";
ssl = true;
} {
port = 8448;
addr = "[::]";
ssl = true;
}];
root = "/dev/null";
extraConfig = ''
server_tokens off;
gzip on;
gzip_types text/plain application/json;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8008";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
client_body_buffer_size 25M;
client_max_body_size 150M;
proxy_max_temp_file_size 0;
'';
};
};
};
networking.firewall.allowedTCPPorts = [8448];
}

View file

@ -22,5 +22,6 @@
./apps/matrix/mautrix-telegram.nix ./apps/matrix/mautrix-telegram.nix
./apps/matrix/synapse.nix ./apps/matrix/synapse.nix
./apps/nginx-matrix.nix
]; ];
} }