imxyy1soope1/nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Activity

feat: matrix-tuwunel 😋

Browse Source
This commit is contained in:
imxyy_soope_
2025-08-15 15:27:06 +08:00
parent e5474ffd29
commit 1f60272f14
3 changed files with 101 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
config/hosts/imxyy-nix-server/matrix.nix
View File

@@ -1,45 +1,68 @@
{
services.matrix-synapse = {
config,
secrets,
...
}:
{
sops.secrets.tuwunel-reg-token = {
sopsFile = secrets.tuwunel-reg-token;
format = "binary";
owner = config.services.matrix-tuwunel.user;
group = config.services.matrix-tuwunel.group;
};
services.matrix-tuwunel = {
enable = true;
settings = {
server_name = "matrix.imxyy.top";
public_baseurl = "https://matrix.imxyy.top";
listeners = [
{
port = 8094;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
turn_uris = [ "turns:vkvm.imxyy.top:5349" ];
turn_shared_secret = "ac779a48c03bb451839569d295a29aa6ab8c264277bec2df9c9c7f5e22936288";
turn_user_lifetime = "1h";
database_type = "psycopg2";
database_args.database = "matrix-synapse";
settings.global = {
address = [ "127.0.0.1" ];
port = [ 8094 ];
server_name = "imxyy.top";
allow_registration = true;
registration_token_file = config.sops.secrets.tuwunel-reg-token.path;
};
extraConfigFiles = [
"/var/lib/matrix-synapse/secret"
];
};
services.caddy.virtualHosts."imxyy.top" = {
extraConfig = ''
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
}
'';
};
services.caddy.virtualHosts."imxyy.top:8448" = {
extraConfig = ''
reverse_proxy :8094
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
}
'';
};
services.caddy.virtualHosts."matrix.imxyy.top" = {
extraConfig = ''
reverse_proxy :8094
handle_path /_matrix {
reverse_proxy :8094
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
}
handle_path /_synapse/client {
reverse_proxy :8094
'';
};
services.caddy.virtualHosts."matrix.imxyy.top:8448" = {
extraConfig = ''
reverse_proxy :8094
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
}
'';
};

21
config/hosts/imxyy-nix-server/net.nix
View File

@@ -377,6 +377,20 @@
customDomains = [ "sy.imxyy.top" ];
}
{
name = "matrix-root-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "imxyy.top" ];
}
{
name = "matrix-root-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "imxyy.top" ];
}
{
name = "matrix-http";
type = "http";
@@ -391,6 +405,13 @@
localPort = 443;
customDomains = [ "matrix.imxyy.top" ];
}
{
name = "matrix-fed";
type = "tcp";
localIP = "127.0.0.1";
localPort = 8448;
remotePort = 8448;
}
{
name = "immich-http";