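# NixOS module: Matrix homeserver (Synapse) behind an nginx reverse proxy.
#
# nginx terminates TLS for two virtual hosts:
#   * matrix.<server_name>  proxies the Matrix and Synapse client paths to Synapse
#   * <server_name>         serves the .well-known delegation documents
# Synapse itself listens on loopback only, without TLS.
{ config, ... }:
let
  server_name = "jdonszelmann.nl";
  domain = "matrix.${server_name}";
  port = 11001;

  # Both proxied paths go to the same loopback listener.
  synapseProxy = {
    proxyPass = "http://[::1]:${toString port}";
    proxyWebsockets = true;
  };

  # nginx snippet that answers with a static JSON document.
  # `default_type` sets the Content-Type of the `return` body; the previous
  # `add_header Content-Type ...` only appended a second Content-Type header
  # next to nginx's default one.
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
in
{
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
    # Only /_matrix and /_synapse/client are proxied, so /_synapse/admin is
    # not reachable through this virtual host.
    locations."/_matrix" = synapseProxy;
    locations."/_synapse/client" = synapseProxy;
  };

  services.nginx.virtualHosts.${server_name} = {
    enableACME = true;
    forceSSL = true;
    locations."/.well-known/matrix/client".extraConfig = mkWellKnown {
      "m.homeserver".base_url = "https://${domain}";
      # NOTE(review): an "m.identity_server" object without a base_url may be
      # rejected by strict clients during discovery; confirm, and drop the key
      # if no identity server is intended.
      "m.identity_server" = { };
    };
    locations."/.well-known/matrix/server".extraConfig = mkWellKnown {
      "m.server" = "${domain}:443";
    };
  };

  services.matrix-synapse = {
    enable = true;
    extras = [ "url-preview" ];

    settings = {
      inherit server_name;

      # URL previews make the homeserver fetch URLs supplied by users. The
      # blacklist keeps those fetches away from loopback, private, link-local,
      # multicast and other special-purpose ranges (SSRF mitigation).
      url_preview_enabled = true;
      url_preview_ip_range_blacklist = [
        "10.0.0.0/8"
        "100.64.0.0/10"
        "127.0.0.0/8"
        "169.254.0.0/16"
        "172.16.0.0/12"
        "192.0.0.0/24"
        "192.0.2.0/24"
        "192.168.0.0/16"
        "192.88.99.0/24"
        "198.18.0.0/15"
        "198.51.100.0/24"
        "2001:db8::/32"
        "203.0.113.0/24"
        "224.0.0.0/4"
        "::1/128"
        "fc00::/7"
        "fe80::/10"
        "fec0::/10"
        "ff00::/8"
      ];

      listeners = [
        {
          inherit port;
          # Loopback only: nginx is the sole intended client, which is why
          # TLS is off here and X-Forwarded-For is trusted for the client
          # address. Do not widen bind_addresses without revisiting both.
          bind_addresses = [ "::1" ];
          type = "http";
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [
                "client"
                "federation"
              ];
              compress = true;
            }
          ];
        }
      ];

      # The registration shared secret lets its holder create accounts,
      # including admin accounts, so it must not be a literal in this file:
      # a literal is copied into the world-readable /nix/store and into
      # version control. Synapse reads the secret from this file instead and,
      # if the file does not exist, generates a new one on first start.
      # The literal that used to be set here has been published and must be
      # treated as compromised; anything that used it needs the new value.
      # NOTE(review): confirm the file ends up readable by the Synapse user only.
      registration_shared_secret_path = "${config.services.matrix-synapse.dataDir}/registration_shared_secret";

      database = {
        name = "psycopg2";
        args = {
          # No host or password is given; presumably this relies on local
          # peer authentication over the PostgreSQL socket - confirm.
          database = "matrix";
          user = "matrix";
        };
      };
    };
  };
}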