diff --git a/fili/services/default.nix b/fili/services/default.nix
index 618c72d..2fd9656 100644
--- a/fili/services/default.nix
+++ b/fili/services/default.nix
@@ -2,6 +2,7 @@ _: {
 imports = [
 ./nginx.nix
 ./databases.nix
+ ./matrix-synapse.nix
 ./media
 ];
 }
diff --git a/fili/services/matrix-synapse.nix b/fili/services/matrix-synapse.nix
index e4d4105..ed1562c 100644
--- a/fili/services/matrix-synapse.nix
+++ b/fili/services/matrix-synapse.nix
@@ -1,16 +1,42 @@
 _: let
 server_name = "jdonszelmann.nl";
+ domain = "matrix.${server_name}";
 port = 11001;
-in {
- services.nginx.virtualHosts.${server_name} = {
+in
+{
+ services.nginx.virtualHosts.${domain} = {
 enableACME = true;
 forceSSL = true;
- locations."/" = {
- proxyPass = "http://[::1]:${port}";
+ locations."/_matrix" = {
+ proxyPass = "http://[::1]:${toString port}";
 proxyWebsockets = true;
 };
+ locations."/_synapse/client" = {
+ proxyPass = "http://[::1]:${toString port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ services.nginx.virtualHosts.${server_name} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://${domain}";
+ "m.identity_server" = { };
+ }
+ }';
+ '';
+ locations."/.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON { "m.server" = "${domain}:443"; }}';
+ '';
 };
 services.matrix-synapse = {
diff --git a/fili/services/nginx.nix b/fili/services/nginx.nix
index 19f84dd..3d1b7c6 100644
--- a/fili/services/nginx.nix
+++ b/fili/services/nginx.nix
@@ -12,12 +12,11 @@ _: {
 };
 networking.firewall.allowedTCPPorts = [
- 79
- 442
+ 80
+ 443
 ];
 security.acme.defaults.email = "jana@donsz.nl";
 security.acme.acceptTerms = true;
 security.acme.preliminarySelfsigned = true;
-
 }
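Review bot: In fili/services/matrix-synapse.nix, both `.well-known/matrix/*` locations set the media type with `add_header Content-Type application/json;`, which appends a header instead of replacing the one nginx derives from `default_type`, so the response most likely carries two Content-Type headers; use `default_type application/json;` in both blocks instead. The client document also publishes `"m.identity_server" = { };` with no `base_url`, and as far as I recall the Matrix discovery rules treat a present but invalid identity-server entry as a failure, so dropping the key is safer than emitting an empty object. Neither `/_matrix` nor `/_synapse/client` sets `client_max_body_size`, so media uploads are bound by nginx's default body limit unless it is raised elsewhere. The `services.matrix-synapse` block opens on the hunk's last line and continues outside it, so the listener's bind address and its `x_forwarded` setting cannot be checked from here.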