From dc212c3c203f2fb9835ce2648888f8caf35e99dc Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Thu, 12 May 2022 18:03:16 +0900
Subject: Host Element at than.loang.net
---
 configuration.nix | 18 ++++++-----------
 element-ipfs.nix | 30 ++++++++++++++++++++++++++++
 ipfs.nix | 5 +++++
 matrix.nix | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 4 files changed, 95 insertions(+), 16 deletions(-)
 create mode 100644 element-ipfs.nix
diff --git a/configuration.nix b/configuration.nix
index 9e00c0a..fe0ab32 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -28,18 +28,11 @@ in {
 networking = {
 domain = "loang.net";
- firewall = {
- allowedTCPPorts = [
- 80 # HTTP
- 443 # TLS
- 1965 # Gemini
- 2211 # SSH
- 4001 # IPFS
- ];
- allowedUDPPorts = [
- 4001 # IPFS
- ];
- };
+ firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # TLS
+ 1965 # Gemini
+ ];
 hostName = "brno";
 };
@@ -78,6 +71,7 @@ in {
 openssh = {
 enable = true;
+ openFirewall = true;
 passwordAuthentication = false;
 ports = [ 2211 ];
 };
diff --git a/element-ipfs.nix b/element-ipfs.nix
new file mode 100644
index 0000000..7121d32
--- /dev/null
+++ b/element-ipfs.nix
@@ -0,0 +1,30 @@
+{ lib, stdenv, element-web, ipfs, writeText
+, conf ? {}, ipns-key ? "element" }:
+
+let
+ element = element-web.override {
+ conf = conf;
+ };
+ ipfs-add-element = writeText "ipfs-add-element" ''
+ #!/bin/sh
+ set -xe
+ ipfs=${ipfs}/bin/ipfs
+ element=${element}
+ path=/ipfs/$($ipfs add --recursive --quieter --pin=false $element)
+ $ipfs name publish --key=${ipns-key} $path
+ $ipfs files mkdir -p $(dirname $element)
+ $ipfs files cp $path $element
+ '';
+in stdenv.mkDerivation rec {
+ pname = "element-ipfs";
+ inherit (element) version;
+
+ buildInputs = [ element ipfs ];
+
+ dontUnpack = true;
+ installPhase = ''
+ runHook preInstall
+ install -m755 -D ${ipfs-add-element} $out/bin/ipfs-add-element
+ runHook postInstall
+ '';
+}
diff --git a/ipfs.nix b/ipfs.nix
index a2bf6a3..ace7764 100644
--- a/ipfs.nix
+++ b/ipfs.nix
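Review bot: In the `ipfs-add-element` script the IPNS record is published before the content is referenced from MFS, so if `ipfs files mkdir` or `ipfs files cp` fails (the script runs under `set -e`) the name already points at blocks that were added with `--pin=false` and are eligible for garbage collection. Reordering the three calls keeps the record pointing only at content the node will retain: `$ipfs files mkdir -p $(dirname $element)`, `$ipfs files cp $path $element`, then `$ipfs name publish --key=${ipns-key} $path`. Each run also creates a fresh MFS entry keyed by the store path of that Element version, so earlier builds presumably stay retrievable from the node unless someone removes them; a `files rm` of the previous entry, or a comment stating that old builds are kept on purpose, would make that explicit. The shebang is the hard-coded `#!/bin/sh` rather than `${runtimeShell}`, which only matters if the script is ever run outside NixOS.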
@@ -1,6 +1,11 @@
 { config, pkgs, ... }:
 let domain = config.networking.domain;
 in {
+ networking.firewall = {
+ allowedTCPPorts = [ 4001 ];
+ allowedUDPPorts = [ 4001 ];
+ };
+
 security.acme.certs.${domain} = {
 credentialsFile = pkgs.writeText "namesilo.env" ''
 NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
diff --git a/matrix.nix b/matrix.nix
index 6fb9d35..5d34644 100644
--- a/matrix.nix
+++ b/matrix.nix
@@ -1,5 +1,18 @@
 { config, pkgs, ... }:
-let domain = config.networking.domain;
+let
+ client = {
+ "m.homeserver" = {
+ base_url = "https://${domain}";
+ server_name = domain;
+ };
+ "m.identity_server" = {
+ base_url = ""; # disable
+ };
+ };
+ domain = config.networking.domain;
+ server = {
+ "m.server" = "${domain}:443"; # unify with client-server
+ };
 in {
 services = {
 dendrite = {
@@ -25,9 +38,34 @@ in {
 };
 };
- nginx.virtualHosts.${domain}.locations."/_matrix".proxyPass = let
- port = toString config.services.dendrite.httpPort;
- in "http://localhost:${port}";
+ nginx.virtualHosts = {
+ "${domain}".locations = {
+ "= /.well-known/matrix/client" = {
+ extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ '';
+ return = "200 '${builtins.toJSON client}'";
+ };
+
+ "= /.well-known/matrix/server" = {
+ extraConfig = ''
+ add_header Content-Type application/json;
+ '';
+ return = "200 '${builtins.toJSON server}'";
+ };
+
+ "/_matrix".proxyPass = let
+ port = toString config.services.dendrite.httpPort;
+ in "http://localhost:${port}";
+ };
+
+ "than.${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:8080";
+ };
+ };
 postgresql = {
 enable = true;
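Review bot: The two port entries that moved here from configuration.nix lose the `# IPFS` comment they carried there, and a reader of this file alone cannot tell what 4001 is for or why it is open on UDP as well. Restoring the annotation, `allowedTCPPorts = [ 4001 ]; # IPFS swarm (libp2p), also UDP below`, keeps the firewall rules as self-describing as the ones that stayed in configuration.nix; "swarm" is my reading of the default port and should be confirmed against the daemon's `Addresses.Swarm` setting. The enclosing attrset continues past the end of the hunk.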
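Review bot: Every path on `than.${domain}` is proxied to `http://localhost:8080` with no restriction, and if that port is the IPFS gateway serving the build published by `element-ipfs` (inferred, not shown here) a default path gateway also answers `/ipfs/<cid>` and `/ipns/<name>` for arbitrary content, so anyone could have a page of their choosing served from the same origin as the Element client and its stored session. Unless the gateway is already limited for this hostname (for example `Gateway.PublicGateways` with `Paths = []`), the vhost should refuse those prefixes, `locations."~ ^/ip[fn]s/".return = "404";`, and it must pass the hostname through, `extraConfig = "proxy_set_header Host $host;";`, if `recommendedProxySettings` is not enabled, otherwise the gateway cannot map the request to the published name. Element's deployment notes also ask for anti-framing headers on the client origin, `add_header X-Frame-Options SAMEORIGIN;` and `add_header Content-Security-Policy "frame-ancestors 'self'";`, which are absent from this vhost. The `nginx.virtualHosts` attrset sits inside `services = {`, whose opening is outside the hunk.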
@@ -41,4 +79,16 @@ in {
 package = pkgs.postgresql;
 };
 };
+
+ users.users.root.packages = let
+ element-ipfs = pkgs.callPackage ./element-ipfs.nix {
+ conf = {
+ default_server_config = client;
+ default_theme = "dark";
+ room_directory = {
+ servers = [ "loang.net" ];
+ };
+ };
+ };
+ in [ element-ipfs ];
 }
-- cgit 1.4.1
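Review bot: `servers = [ "loang.net" ]` hard-codes the domain that the rest of this file derives from `config.networking.domain` (the `client` set passed just above uses `${domain}`), so a later domain change would silently leave the room directory pointing at the old server; `servers = [ domain ];` keeps the two in step. The `element-ipfs` package is only added to root's PATH, so a one-line comment such as `# run ipfs-add-element as root after a rebuild to publish the new build to IPFS` would document the intended workflow, which the code otherwise leaves implicit. The enclosing `in { … }` attrset and the `let` that binds `client` both begin outside the hunk.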