Beginnings of matrix homeserver

secrets/default.nix

@@ -12,8 +12,6 @@
         else "root";
     };
     password.file = ./password.age;
-
+    matrix-priv.file = ./matrix-priv.age;
-    wg-lapserv-private.file = ./wg-lapserv-private.age;
-    wg-laptop-private.file = ./wg-laptop-private.age;
   };
 }

secrets/matrix-priv.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 WCPLrA c0IvTG3SCwKVkf++spIkThhWEs5UhEmj56DPHY9XDEg
+24vOMtcZiN7y89TwMHkM8ybvqHeVzgoIRuvfujMDoC4
+-> ssh-ed25519 7/ziYw mNTwfuRS/r+bM4bYjFxtNE3yzAD5lLE0DAfgovpGulw
+bTm2Kni2fVWNgPGfTFUl2qbraEJbfoYGffWuw2ythb4
+-> ssh-ed25519 GQzYWA ygE1KP4bnhBw4OJW1zUm2ISo/pCfvrfM6kqezd5WsA8
+0Ta0C7nPks6XTjBFgNSQRFr3IBKlSqDDEAReZeJNW9g
+-> ssh-ed25519 MfR7VA qEA4XrMSGp2Mci90tLAGa1qX8miW7sgFX9D7V4paWkc
+T3fqqBOutnRoL+vmpsXbYhvFi5+8aZdYyrJA+Es39+Q
+--- XtEQSLuJwyqoc6ois17xk29vOh1eWfeJsbApBiI+5ww
+DY<JíbÄ4÷Ql.P9|x <>©)Ô
‹PÚ÷¨´<C2A8>‹Ø¹ä©g!ÚÒU€[Á#„U@í?¶–¨bm•
i°¿ô+eõ<×¼0t5@	É4ï,ªíOšbU`ÏfÅ…‹ClÑštøˆÊb%ŒùQìk	NÞ-2¯~/tKQN‰*q<19>!öÖŠï
+¼	cIMVïeæøOˆkïþöׂ<¡°¦!

secrets/secrets.nix

@@ -10,7 +10,5 @@ in {
   "transfer-sh.age".publicKeys = systems;
   "password.age".publicKeys = systems;
   "dcbot.age".publicKeys = systems;
-
+  "matrix-priv.age".publicKeys = systems;
-  "wg-lapserv-private.age".publicKeys = systems;
-  "wg-laptop-private.age".publicKeys = systems;
 }

system/server/default.nix

@@ -1,4 +1,4 @@
 {lib, ...}: {
-  imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix];
+  imports = [./caddy.nix ./transfer-sh.nix ./seafile.nix ./bot.nix ./immich.nix ./matrix.nix];
   options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }

system/server/matrix.nix

@@ -0,0 +1,64 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  database = {
+    connection_string = "postgres:///dendrite?host=/run/postgresql";
+    max_open_conns = 97;
+    max_idle_conns = 5;
+    conn_max_lifetime = -1;
+  };
+in {
+  config = lib.mkIf config.niksos.server {
+    services = {
+      dendrite = {
+        enable = true;
+        httpPort = 9003;
+        settings = {
+          global = {
+            server_name = "matrix.jsw.tf";
+            private_key = "/$CREDENTIALS_DIRECTORY/matrix-server-key"; #nix shell nixpkgs#dendrite; generate-keys --private-key matrix_key.pem
+          };
+
+          global.database = database;
+          app_service_api.database = database;
+          federation_api.database = database;
+          key_server.database = database;
+          media_api.database = database;
+          mscs.database = database;
+          relay_api.database = database;
+          room_server.database = database;
+          sync_api.database = database;
+          user_api.account_database.database = database;
+          user_api.device_database.database = database;
+          sync_api.search.enabled = true;
+        };
+      };
+
+      postgresql = {
+        enable = true;
+        enableTCPIP = false;
+        ensureDatabases = ["dendrite"];
+        ensureUsers = [
+          {
+            name = "dendrite";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+
+      caddy.virtualHosts."matrix.jsw.tf".extraConfig = ''
+        reverse_proxy /_matrix/* localhost:9003
+      '';
+    };
+
+    systemd.services.dendrite = {
+      serviceConfig.LoadCredential = [
+        # $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key'
+        "matrix-server-key:${config.age.secrets.matrix-priv.path}"
+      ];
+      after = ["postgresql.service"];
+    };
+  };
+}