authorNguyễn Gia Phong <mcsinyx@disroot.org>2022-05-12 18:03:16 +0900
committerNguyễn Gia Phong <mcsinyx@disroot.org>2022-05-12 18:03:16 +0900
commitdc212c3c203f2fb9835ce2648888f8caf35e99dc (patch)
tree7bd8d0a7aecad613a56f29176a6d6f947316de43
parent1c2a3ebe9da70a85589c3adcf5087281a95ac7b4 (diff)
downloadnixos-conf-dc212c3c203f2fb9835ce2648888f8caf35e99dc.tar.gz
Host Element at than.loang.net
-rw-r--r--configuration.nix18
-rw-r--r--element-ipfs.nix30
-rw-r--r--ipfs.nix5
-rw-r--r--matrix.nix58
4 files changed, 95 insertions, 16 deletions
diff --git a/configuration.nix b/configuration.nix
index 9e00c0a..fe0ab32 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -28,18 +28,11 @@ in {
   networking = {
     domain = "loang.net";
 
-    firewall = {
-      allowedTCPPorts = [
-        80 # HTTP
-        443 # TLS
-        1965 # Gemini
-        2211 # SSH
-        4001 # IPFS
-      ];
-      allowedUDPPorts = [
-        4001 # IPFS
-      ];
-    };
+    firewall.allowedTCPPorts = [
+      80 # HTTP
+      443 # TLS
+      1965 # Gemini
+    ];
 
     hostName = "brno";
   };
@@ -78,6 +71,7 @@ in {
 
     openssh = {
       enable = true;
+      openFirewall = true;
       passwordAuthentication = false;
       ports = [ 2211 ];
     };
diff --git a/element-ipfs.nix b/element-ipfs.nix
new file mode 100644
index 0000000..7121d32
--- /dev/null
+++ b/element-ipfs.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, element-web, ipfs, writeText
+, conf ? {}, ipns-key ? "element" }:
+
+let
+  element = element-web.override {
+    conf = conf;
+  };
+  ipfs-add-element = writeText "ipfs-add-element" ''
+    #!/bin/sh
+    set -xe
+    ipfs=${ipfs}/bin/ipfs
+    element=${element}
+    path=/ipfs/$($ipfs add --recursive --quieter --pin=false $element)
+    $ipfs name publish --key=${ipns-key} $path
+    $ipfs files mkdir -p $(dirname $element)
+    $ipfs files cp $path $element
+  '';
+in stdenv.mkDerivation rec {
+  pname = "element-ipfs";
+  inherit (element) version;
+
+  buildInputs = [ element ipfs ];
+
+  dontUnpack = true;
+  installPhase = ''
+    runHook preInstall
+    install -m755 -D ${ipfs-add-element} $out/bin/ipfs-add-element
+    runHook postInstall
+  '';
+}
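Review bot: `${ipns-key}` is spliced unquoted into the generated shell script on the `name publish` line, and `$element` and `$path` are expanded unquoted too, so a key name containing whitespace or shell metacharacters would be reinterpreted by `/bin/sh`. `lib` is already in the argument list but unused; the line could read `$ipfs name publish --key=${lib.escapeShellArg ipns-key} "$path"`, with the other expansions double-quoted the same way. Separately, `ipfs files cp` may fail when the destination already exists. If so, re-running the script for an unchanged store path would abort under `set -e` only after the IPNS record has been published, which is worth confirming and noting in a comment.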
diff --git a/ipfs.nix b/ipfs.nix
index a2bf6a3..ace7764 100644
--- a/ipfs.nix
+++ b/ipfs.nix
@@ -1,6 +1,11 @@
 { config, pkgs, ... }:
 let domain = config.networking.domain;
 in {
+  networking.firewall = {
+    allowedTCPPorts = [ 4001 ];
+    allowedUDPPorts = [ 4001 ];
+  };
+
   security.acme.certs.${domain} = {
     credentialsFile = pkgs.writeText "namesilo.env" ''
       NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
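Review bot: The port comments from the old list in configuration.nix (`4001 # IPFS`) were dropped in the move, so the two entries here no longer say what they are for. Something like `allowedTCPPorts = [ 4001 ]; # IPFS swarm` on both lines would keep that, assuming 4001 is the swarm listener as the old comment implies. The module's attribute set continues past the end of this hunk.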
diff --git a/matrix.nix b/matrix.nix
index 6fb9d35..5d34644 100644
--- a/matrix.nix
+++ b/matrix.nix
@@ -1,5 +1,18 @@
 { config, pkgs, ... }:
-let domain = config.networking.domain;
+let
+  client = {
+    "m.homeserver" = {
+      base_url = "https://${domain}";
+      server_name = domain;
+    };
+    "m.identity_server" = {
+      base_url = ""; # disable
+    };
+  };
+  domain = config.networking.domain;
+  server = {
+    "m.server" = "${domain}:443"; # unify with client-server
+  };
 in {
   services = {
     dendrite = {
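Review bot: Publishing `"m.identity_server"` with `base_url = ""` may not disable the identity server as the `# disable` comment intends. As I read the Matrix client discovery rules, a present `m.identity_server` whose `base_url` fails validation is treated as a discovery failure rather than as "none". Leaving the `"m.identity_server"` key out of `client` is the safer way to express "no identity server". The same attrset is reused as Element's `default_server_config` in the last hunk of this file, so the choice affects both the well-known response and the Element config. The `in { … }` body continues outside this hunk.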
@@ -25,9 +38,34 @@ in {
       };
     };
 
-    nginx.virtualHosts.${domain}.locations."/_matrix".proxyPass = let
-      port = toString config.services.dendrite.httpPort;
-    in "http://localhost:${port}";
+    nginx.virtualHosts = {
+      "${domain}".locations = {
+        "= /.well-known/matrix/client" = {
+          extraConfig = ''
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+          '';
+          return = "200 '${builtins.toJSON client}'";
+        };
+
+        "= /.well-known/matrix/server" = {
+          extraConfig = ''
+            add_header Content-Type application/json;
+          '';
+          return = "200 '${builtins.toJSON server}'";
+        };
+
+        "/_matrix".proxyPass = let
+          port = toString config.services.dendrite.httpPort;
+        in "http://localhost:${port}";
+      };
+
+      "than.${domain}" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".proxyPass = "http://localhost:8080";
+      };
+    };
 
     postgresql = {
       enable = true;
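Review bot: The `than.${domain}` vhost forwards every path to `http://localhost:8080`, presumably the local IPFS gateway, which the hunk does not show. If so, any content reachable through the gateway is served from the same origin as Element, and that origin's browser storage holds the Matrix session. Consider limiting the proxied location to the published Element path and adding the response headers Element's deployment notes recommend, e.g. `add_header X-Content-Type-Options nosniff;` and `add_header Content-Security-Policy "frame-ancestors 'self'";`. In the two well-known locations, `add_header Content-Type application/json;` appends a header instead of setting the response type, so the reply can carry two Content-Type values. `default_type application/json;` is the usual form with `return 200`.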
@@ -41,4 +79,16 @@ in {
       package = pkgs.postgresql;
     };
   };
+
+  users.users.root.packages = let
+    element-ipfs = pkgs.callPackage ./element-ipfs.nix {
+      conf = {
+        default_server_config = client;
+        default_theme = "dark";
+        room_directory = {
+          servers = [ "loang.net" ];
+        };
+      };
+    };
+  in [ element-ipfs ];
 }
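Review bot: `servers = [ "loang.net" ];` hard-codes the domain although `domain` is already bound in this file's `let` block and `client` is built from it; `servers = [ domain ];` keeps the room directory in step with `networking.domain`. A short comment on `users.users.root.packages` would also help, e.g. `# ipfs-add-element is run by hand as root after each rebuild`, if that is the intended workflow, which the diff does not show.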