diff --git a/secrets/matrix-registration.age b/secrets/matrix-registration.age index 4ab6638..52de35c 100644 --- a/secrets/matrix-registration.age +++ b/secrets/matrix-registration.age @@ -1,11 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 WCPLrA XGZXUAx6d4swnmjGCMKtUnTmyyjUlHJwWweJLACKXHw -O7tDm8+1DJlEg2dmjiwZmBoirEK71I2GMA5JbkF3c14 --> ssh-ed25519 7/ziYw qWvGzM3dxCa31M4qp3VUHfYuoALGYC0nBCbYRlU/XBA -o+4UqGeenrH+dkWglWIY95aInDq/zybiJZzv3Qhoevk --> ssh-ed25519 GQzYWA UbICRYTkeCqHM6Qzl50xBSlCgEl1BvMCSqAjusjfowQ -raXFAddeBL4AhViLzGxviy6kd9F6U4QlMI2SABuEQ08 --> ssh-ed25519 MfR7VA tIIPAbmPo1e9SH5gWhQQn5fqEgDlLDmZUBVkWVsvAVY -D03pcUpy06ptfRRG1PfaqMQLuxEGQN/AGdmjVFop8Ko ---- UQs52nFPmuzoQ8C++6tSE5ib+YQ1ap57ZrrzDeTxSL4 - z \09uT$/?3 ~!iL]{SXg;78аnR֚a20W!@? E\Z[ \ No newline at end of file +-> ssh-ed25519 WCPLrA FteHUNmFHfcuZJY+c30Uolc0BJA0qg4U5S+z1IcAm0A +J1LBCTIpC6PwFQT7AgO6NZChoue7Ql/zTn4vShc80wA +-> ssh-ed25519 7/ziYw bBzAFCm4eLBVzkj87tT42qNIHgCidejw0s7aj6tz+mU +IIsIf0Us6UIYpeTZ0kXXAKeHmGdqCN1DubSA6O0D0YQ +-> ssh-ed25519 GQzYWA 7U/u+uKT2VvLWP6pQupjk/tq1wDPJ3V0rP6p+tidsHM +vHq4pZy9TjZKlNvCAFJ5DPJM95Hm15XCf9aCtXUGrkM +-> ssh-ed25519 MfR7VA fHoviHzOnpbVcL6xOErLkmHbFsFWnxjoMIHcVclw8j4 +SBoW1uNS/D3JfoQAyEeHgeAXTt2hFFnpqV/V7yumvQw +--- kPb4ISU9U9Z35ttZbVol0qHuwnkDMSInr/zWE8yTeQk +`E!וAhhͼċAJ4b{W3]M +׆l_ \ No newline at end of file diff --git a/secrets/temp.pem b/secrets/temp.pem deleted file mode 100644 index 08e7df1..0000000 Binary files a/secrets/temp.pem and /dev/null differ diff --git a/system/server/matrix.nix b/system/server/matrix.nix index ba56d2e..f545d0e 100644 --- a/system/server/matrix.nix +++ b/system/server/matrix.nix 
@@ -9,60 +9,27 @@ max_idle_conns = 5; conn_max_lifetime = -1; }; - port = 9003; host = "matrix.jsw.tf"; in { config = lib.mkIf config.niksos.server { services = { - dendrite = { + matrix-continuwuity = { enable = true; - loadCredential = [ - # $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key' - "matrix-server-key:${config.age.secrets.matrix-priv.path}" - ]; - environmentFile = config.age.secrets.matrix-registration.path; # Contains: `REGISTRATION_SHARED_SECRET=verysecretpassword` - # openRegistration = true; - - httpPort = port; - settings = { - global = { - inherit database; - server_name = host; - private_key = "/$CREDENTIALS_DIRECTORY/matrix-server-key"; #nix shell nixpkgs#dendrite; generate-keys --private-key matrix_key.pem - }; - app_service_api.database = database; - federation_api.database = database; - key_server.database = database; - media_api.database = database; - mscs.database = database; - relay_api.database = database; - room_server.database = database; - sync_api.database = database; - user_api.account_database.database = database; - user_api.device_database.database = database; - sync_api.search.enabled = true; + global = { + unix_socket_path = /run/continuwuity/continuwuity.sock; + server_name = host; + allow_registration = true; + registration_token_file = config.age.secrets.matrix-registration.path; }; }; - postgresql = { - enable = true; - enableTCPIP = false; - ensureDatabases = ["dendrite"]; - ensureUsers = [ - { - name = "dendrite"; - ensureDBOwnership = true; - } - ]; - }; - caddy.virtualHosts = { ${host}.extraConfig = '' header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Access-Control-Allow-Origin * respond /.well-known/matrix/server `{"m.server": "${host}:443"}` respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${host}"}}` - reverse_proxy /_matrix/* localhost:${builtins.toString port} + reverse_proxy /_matrix/* unix//run/continuwuity/continuwuity.sock ''; }; 
};
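Review bot: `unix_socket_path = /run/continuwuity/continuwuity.sock;` is written as a Nix path literal rather than a string; path values are normally copied into the store when they are serialised into generated config, and absolute paths are rejected under pure (flake) evaluation, so this should probably be `unix_socket_path = "/run/continuwuity/continuwuity.sock";`. `registration_token_file` is now opened by the homeserver process itself, whereas the removed `environmentFile` was read by systemd on the service's behalf, so the `age.secrets.matrix-registration` declaration (outside this hunk) needs an owner or group the service user can read, and the file must now hold the bare token rather than the old `REGISTRATION_SHARED_SECRET=…` line; a short comment stating the expected contents would replace the one this hunk removes. With `allow_registration = true`, it is worth confirming that the service refuses to start, rather than accepting registrations without a token, when that file is missing or unreadable. Caddy now reaches the backend over the unix socket, so the caddy user should get access through the service's group rather than by loosening the socket mode. The `database` binding in the `let` block at the top of the hunk looks unused after this change, as far as the visible lines show.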