jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Migration to continuwuity

Browse source
This commit is contained in:
Jurn Wubben 2025-05-25 19:46:17 +02:00
parent 313cd26122
commit 1bbb3dedcc
3 changed files with 18 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

21
secrets/matrix-registration.age
View file

@ -1,11 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 WCPLrA XGZXUAx6d4swnmjGCMKtUnTmyyjUlHJwWweJLACKXHw -> ssh-ed25519 WCPLrA FteHUNmFHfcuZJY+c30Uolc0BJA0qg4U5S+z1IcAm0A
O7tDm8+1DJlEg2dmjiwZmBoirEK71I2GMA5JbkF3c14 J1LBCTIpC6PwFQT7AgO6NZChoue7Ql/zTn4vShc80wA
-> ssh-ed25519 7/ziYw qWvGzM3dxCa31M4qp3VUHfYuoALGYC0nBCbYRlU/XBA -> ssh-ed25519 7/ziYw bBzAFCm4eLBVzkj87tT42qNIHgCidejw0s7aj6tz+mU
o+4UqGeenrH+dkWglWIY95aInDq/zybiJZzv3Qhoevk IIsIf0Us6UIYpeTZ0kXXAKeHmGdqCN1DubSA6O0D0YQ
-> ssh-ed25519 GQzYWA UbICRYTkeCqHM6Qzl50xBSlCgEl1BvMCSqAjusjfowQ -> ssh-ed25519 GQzYWA 7U/u+uKT2VvLWP6pQupjk/tq1wDPJ3V0rP6p+tidsHM
raXFAddeBL4AhViLzGxviy6kd9F6U4QlMI2SABuEQ08 vHq4pZy9TjZKlNvCAFJ5DPJM95Hm15XCf9aCtXUGrkM
-> ssh-ed25519 MfR7VA tIIPAbmPo1e9SH5gWhQQn5fqEgDlLDmZUBVkWVsvAVY -> ssh-ed25519 MfR7VA fHoviHzOnpbVcL6xOErLkmHbFsFWnxjoMIHcVclw8j4
D03pcUpy06ptfRRG1PfaqMQLuxEGQN/AGdmjVFop8Ko SBoW1uNS/D3JfoQAyEeHgeAXTt2hFFnpqV/V7yumvQw
--- UQs52nFPmuzoQ8C++6tSE5ib+YQ1ap57ZrrzDeTxSL4 --- kPb4ISU9U9Z35ttZbVol0qHuwnkDMSInr/zWE8yTeQk
¯Ì zí ¹\0äãŒ9¹u´T¡$ö±/˜?“3€ ½~Ô!iL]¢£å§{SXgÀ;7â½8аnRâÖšØa2¸ÐÈ0W!@? ´E\¤ùZ[ `E!öó»àוýAÐh™¡h<C2A1>ÖͼÄÉAùŒJ4bä{Ûã‰W3]M
׆·²‡lâ

BIN
secrets/temp.pem
View file

Binary file not shown.

47
system/server/matrix.nix
View file

@ -9,60 +9,27 @@
max_idle_conns = 5; max_idle_conns = 5;
conn_max_lifetime = -1; conn_max_lifetime = -1;
}; };
port = 9003;
host = "matrix.jsw.tf"; host = "matrix.jsw.tf";
in { in {
config = lib.mkIf config.niksos.server { config = lib.mkIf config.niksos.server {
services = { services = {
dendrite = { matrix-continuwuity = {
enable = true; enable = true;
loadCredential = [ global = {
# $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key' unix_socket_path = /run/continuwuity/continuwuity.sock;
"matrix-server-key:${config.age.secrets.matrix-priv.path}" server_name = host;
]; allow_registration = true;
environmentFile = config.age.secrets.matrix-registration.path; # Contains: `REGISTRATION_SHARED_SECRET=verysecretpassword` registration_token_file = config.age.secrets.matrix-registration.path;
# openRegistration = true;
httpPort = port;
settings = {
global = {
inherit database;
server_name = host;
private_key = "/$CREDENTIALS_DIRECTORY/matrix-server-key"; #nix shell nixpkgs#dendrite; generate-keys --private-key matrix_key.pem
};
app_service_api.database = database;
federation_api.database = database;
key_server.database = database;
media_api.database = database;
mscs.database = database;
relay_api.database = database;
room_server.database = database;
sync_api.database = database;
user_api.account_database.database = database;
user_api.device_database.database = database;
sync_api.search.enabled = true;
}; };
}; };
postgresql = {
enable = true;
enableTCPIP = false;
ensureDatabases = ["dendrite"];
ensureUsers = [
{
name = "dendrite";
ensureDBOwnership = true;
}
];
};
caddy.virtualHosts = { caddy.virtualHosts = {
${host}.extraConfig = '' ${host}.extraConfig = ''
header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin * header /.well-known/matrix/* Access-Control-Allow-Origin *
respond /.well-known/matrix/server `{"m.server": "${host}:443"}` respond /.well-known/matrix/server `{"m.server": "${host}:443"}`
respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${host}"}}` respond /.well-known/matrix/client `{"m.homeserver": {"base_url": "https://${host}"}}`
reverse_proxy /_matrix/* localhost:${builtins.toString port} reverse_proxy /_matrix/* unix//run/continuwuity/continuwuity.sock
''; '';
}; };
}; };