diff --git a/nixos/homes/palo/packages/development.nix b/nixos/homes/palo/packages/development.nix index c182d2b..213f661 100644 --- a/nixos/homes/palo/packages/development.nix +++ b/nixos/homes/palo/packages/development.nix @@ -43,8 +43,6 @@ with lib; ]; }) { - - home.packages = let pandocScript = { inputFormat, outputFormat }: @@ -80,8 +78,8 @@ with lib; ijq # nomad - unstable.nomad - wander + #unstable.nomad + #wander # terraform unstable.terragrunt diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix index 5b4010e..3e307f7 100644 --- a/nixos/machines/orbi/configuration.nix +++ b/nixos/machines/orbi/configuration.nix @@ -34,7 +34,7 @@ #./sync-torrent.nix #./social-jitsi.nix - ./social-matrix.nix + #./social-matrix.nix # matrix # ------ diff --git a/nixos/machines/orbi/social-matrix.nix b/nixos/machines/orbi/social-matrix.nix index a20c502..e0764b2 100644 --- a/nixos/machines/orbi/social-matrix.nix +++ b/nixos/machines/orbi/social-matrix.nix @@ -2,8 +2,7 @@ let inherit (config.services.dendrite.settings.global) server_name; - - nginx-vhost = "matrix.terranix.org"; + fqdn = "matrix.terranix.org"; element-web-terranix.org = pkgs.runCommand "element-web-with-config" { 
@@ -26,9 +25,65 @@ in config = { config, pkgs, lib, ... }: { system.stateVersion = "23.11"; services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; }; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts = { + "${fqdn}" = { + enableACME = true; + forceSSL = true; + # It's also possible to do a redirect here or something else, this vhost is not + # needed for Matrix. It's recommended though to *not put* element + # here, see also the section about Element. + locations."/".extraConfig = '' + return 404; + ''; + # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash + # *must not* be used here. + locations."/_matrix".proxyPass = "http://[::1]:8008"; + # Forward requests for e.g. SSO and password-resets. + locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + }; + }; + }; + + services.matrix-synapse = { + enable = true; + settings.server_name = config.networking.domain; + # The public base URL value must match the `base_url` value set in `clientConfig` above. + # The default value here is based on `server_name`, so if your `server_name` is different + # from the value of `fqdn` above, you will likely run into some mismatched domain names + # in client applications. + settings.public_baseurl = baseUrl; + settings.listeners = [ + { + port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [{ + names = [ "client" "federation" ]; + compress = true; + }]; + } + ]; + }; + # $ nix-shell -p dendrite --run 'generate-keys --private-key /tmp/key' #sops.secrets.matrix-server-key = { }; 
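Review bot: The added `services.postgresql.initialScript` creates the `matrix-synapse` role with the literal password `'synapse'`, and `pkgs.writeText` puts that script in the world-readable Nix store, so any local user or anyone who can read the repository can see the database credential. If Synapse connects over the local PostgreSQL socket, drop the password and rely on peer authentication, `CREATE ROLE "matrix-synapse" WITH LOGIN;`. Otherwise set the password out of band from a sops-managed secret, which the commented `sops.secrets.matrix-server-key` line at the end of the hunk suggests is already available. `initialScript` is only executed when the cluster is first initialised, so editing it later will not rotate the password on an existing database. Separately, `settings.public_baseurl = baseUrl;` uses a `baseUrl` that no visible hunk binds (the earlier hunk only introduces `fqdn`), so confirm it is defined outside the diff.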
diff --git a/terraform/terranix.org/targets/namecheap/README.md b/terraform/terranix.org/targets/namecheap/README.md
new file mode 100644
index 0000000..4a52860
--- /dev/null
+++ b/terraform/terranix.org/targets/namecheap/README.md
@@ -0,0 +1,5 @@
+# Troubleshooting
+
+You have to whitelist your IP in the namecheap WebUI.
+
+`Profile -> Tools -> Namecheap API Access`
diff --git a/terraform/terranix.org/targets/namecheap/main.tf b/terraform/terranix.org/targets/namecheap/main.tf
index dde4bd0..009176d 100644
--- a/terraform/terranix.org/targets/namecheap/main.tf
+++ b/terraform/terranix.org/targets/namecheap/main.tf
@@ -34,7 +34,7 @@ resource "namecheap_domain_records" "terranix" {
 address = "144.76.13.147"
 hostname = "matrix"
 mx_pref = 10
- ttl = local.normal_ttl
+ ttl = local.short_ttl
 type = "A"
 }
 record {