feat: matrix-tuwunel 😋

2025-08-15 15:27:06 +08:00
parent e5474ffd29
commit 1f60272f14
3 changed files with 101 additions and 34 deletions


@@ -1,45 +1,68 @@
{ {
services.matrix-synapse = { config,
enable = true; secrets,
settings = { ...
server_name = "matrix.imxyy.top"; }:
public_baseurl = "https://matrix.imxyy.top"; {
listeners = [ sops.secrets.tuwunel-reg-token = {
{ sopsFile = secrets.tuwunel-reg-token;
port = 8094; format = "binary";
bind_addresses = [ "127.0.0.1" ]; owner = config.services.matrix-tuwunel.user;
type = "http"; group = config.services.matrix-tuwunel.group;
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
turn_uris = [ "turns:vkvm.imxyy.top:5349" ];
turn_shared_secret = "ac779a48c03bb451839569d295a29aa6ab8c264277bec2df9c9c7f5e22936288";
turn_user_lifetime = "1h";
database_type = "psycopg2";
database_args.database = "matrix-synapse";
}; };
extraConfigFiles = [ services.matrix-tuwunel = {
"/var/lib/matrix-synapse/secret" enable = true;
]; settings.global = {
address = [ "127.0.0.1" ];
port = [ 8094 ];
server_name = "imxyy.top";
allow_registration = true;
registration_token_file = config.sops.secrets.tuwunel-reg-token.path;
};
};
services.caddy.virtualHosts."imxyy.top" = {
extraConfig = ''
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
}
'';
};
services.caddy.virtualHosts."imxyy.top:8448" = {
extraConfig = ''
reverse_proxy :8094
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
}
'';
}; };
services.caddy.virtualHosts."matrix.imxyy.top" = { services.caddy.virtualHosts."matrix.imxyy.top" = {
extraConfig = '' extraConfig = ''
reverse_proxy :8094 reverse_proxy :8094
handle_path /_matrix {
reverse_proxy :8094 handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
} }
handle_path /_synapse/client { '';
};
services.caddy.virtualHosts."matrix.imxyy.top:8448" = {
extraConfig = ''
reverse_proxy :8094 reverse_proxy :8094
handle /.well-known/matrix/client {
header Content-Type application/json
header "Access-Control-Allow-Origin" "*"
respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
} }
''; '';
}; };
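Review bot: The `turn_shared_secret` literal deleted from the old `services.matrix-synapse` settings stays readable in the repository history, so removing the line does not retire it. If the TURN server named in `turn_uris` still accepts that value, it should be rotated and the replacement kept in sops the way `tuwunel-reg-token` is. On the new side, `allow_registration = true` appears to be gated only by `registration_token_file`, which is worth stating above it, e.g. `# registration is gated by the sops-managed token; never enable without it`. The identical `/.well-known/matrix/client` block is now repeated in four virtual hosts; binding it once in a `let` and interpolating it would keep the copies from drifting.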


@@ -377,6 +377,20 @@
customDomains = [ "sy.imxyy.top" ]; customDomains = [ "sy.imxyy.top" ];
} }
{
name = "matrix-root-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "imxyy.top" ];
}
{
name = "matrix-root-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "imxyy.top" ];
}
{ {
name = "matrix-http"; name = "matrix-http";
type = "http"; type = "http";
@@ -391,6 +405,13 @@
localPort = 443; localPort = 443;
customDomains = [ "matrix.imxyy.top" ]; customDomains = [ "matrix.imxyy.top" ];
} }
{
name = "matrix-fed";
type = "tcp";
localIP = "127.0.0.1";
localPort = 8448;
remotePort = 8448;
}
{ {
name = "immich-http"; name = "immich-http";
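Review bot: The new `matrix-fed` entry forwards raw TCP on 8448 to a local listener, so federation connections will presumably all appear to come from 127.0.0.1. That drops the peer address from access logs and from any per-IP limiting done behind the tunnel. If the deployed frp version supports it, `transport.proxyProtocolVersion = "v2";` on this entry, with a matching `proxy_protocol` listener wrapper on the Caddy side, would preserve the address. A comment such as `# Matrix federation port for server_name imxyy.top; TLS is terminated by Caddy` would also explain why this is the only `tcp` entry among the Matrix proxies shown. The proxy list itself starts and ends outside these hunks.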


@@ -0,0 +1,23 @@
{
"data": "ENC[AES256_GCM,data:Me4kvuk4WovDtuzKFVOyC0TMyPntio+pOv7lpSowTVgX5IJhBQ==,iv:3gVN817C4EuqUt+pZwLEi4BUr06NJS4jw5TaH/T5qwQ=,tag:uF+b06x1tJNVXf2c+5N7zA==,type:str]",
"sops": {
"age": [
{
"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSA2YVJI\nOGxJZS9qeGhxSWpQZlJ1bEVCUm5ZMjkzNm90Rm50aitFdlZwbHprCkpWaWhINGcv\nSXZJR2pUajBBRnZ5YnRKZk50amIycTBGM3BXMXFJNlNhVEUKLS0tIGd5R2lHV1RW\ncmxlYmRlU2pCbEJHSmRoYThyL2cyak5icTJ3cFJPRjRiVDAKcnKZ2ei+9uwPjf7q\nxyhcFz+JDYv/fRH0/CuwTtDilUOJoQOTWKUNw/e4ImsFomo0Ra4S7HLCScCSMCVc\nQd3Scw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyBoQjVD\nRy82QWNpeHAydkhsLzN0ZldvSzRsM0ljWmVOWnBJdWNuQjBrZlVVCnpNQkZ4bUxT\ncGhVSlFCNHdNMlZWRzBnWi95azJMN2xTN3JoaXB1UXpjSUkKLS0tIDdvZ3p1VnN4\nNy96SmFRdjQ5MVB6dS9kU1VSUUttUXFoVUs5ZDZMbW5yMFEK64rP7bZcOAU1PZd9\nFq3Ba/4I82dRXqhAk8YIiZ6j6z6UdpTtYk3E7Thqx9ZcqUkgpxFbAEi4jhgn028z\nYqH3RA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyB4akZq\nNmtnRUdrSlROS0tJazNjTzhqY0lZUXRiS1l2Q0F6dVRLZUw5dDBFCjRMVmFvM3RZ\nN0lIMGNwcjlXQ0h6TXA1RStxS3BLd01tNnVqaDMwbHdDV1EKLS0tIHBFSXMyNU9J\nL0JucEd2MzFIeTBVakFWdWpGQVJ2MUczd2ZRNkNlTnR2Nk0KKYgjgZtVqgfwda2x\noFgsqP+6VCWN7K2Qo3arfTvyRq1vd9Zs4UUavUDgZDylst5iVIeNhZc0flFBo3Cy\nqs4VDQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-08-15T02:07:33Z",
"mac": "ENC[AES256_GCM,data:MTcdSizIG8UNStgIqzar6bSejAPvSUKj+d7jVVuU/kvEgxA4Mrmv63wUF98fDBs6cgkHojwutLLiUo/4PzKPGccbyL+c2Y1vEkHmFcqMB1OOsl4Yfz/V5DdaDF3JcyNrSPcC8ooCChd7383z11kmE/a2sLkrNIMwIBjx3qNvaY0=,iv:6a2d+T28LI7zem2VfDffGoiafn2EEbtThvJ7e7myBSw=,tag:0ZV+mCyvLRliL+LtZ/WddA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}