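# Matrix client and server setup
# Copyright (C) 2022-2023 Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.

# NixOS module: Dendrite homeserver backed by PostgreSQL, nginx in front of it
# (well-known delegation plus reverse proxy), and an Element Web instance
# served from the "than." subdomain.
{ config, lib, pkgs, ... }:
let
  inherit (config.networking) domain;

  # Body of /.well-known/matrix/client; also reused as Element's
  # default_server_config below.
  client = {
    "m.homeserver" = {
      base_url = "https://${domain}";
      server_name = domain;
    };
    "m.identity_server" = {
      base_url = ""; # disable
    };
  };

  # Body of /.well-known/matrix/server (federation delegation).
  server = {
    "m.server" = "${domain}:443"; # unify with client-server
  };

  workingDir = "/var/lib/dendrite"; # hardcoded in service

  # Exact-match nginx location that answers with `data` serialised as JSON.
  # default_type sets the response's Content-Type; the previous
  # `add_header Content-Type ...` only appended a second Content-Type header
  # next to the one nginx derives from default_type, leaving it to each
  # client which of the two it honours.
  # The wildcard CORS header lets browser-based clients on other origins
  # read the discovery document; the documents contain no secrets.
  wellKnown = data: {
    extraConfig = ''
      default_type application/json;
      add_header Access-Control-Allow-Origin *;
    '';
    return = "200 '${builtins.toJSON data}'";
  };
in {
  services = {
    dendrite = {
      enable = true;
      settings = {
        # Per-component connection strings are blanked throughout;
        # presumably so every component falls back to global.database
        # below -- confirm against the Dendrite configuration reference.
        app_service_api.database.connection_string = "";
        federation_api.database.connection_string = "";
        global = {
          database = {
            # Unix-socket connection: no password is stored in this file.
            # Authentication is presumably peer-based for the "dendrite"
            # system user declared at the bottom -- confirm in pg_hba.conf.
            connection_string = "postgres:///dendrite?host=/run/postgresql";
            # NOTE(review): must stay below PostgreSQL's max_connections,
            # which is not set in this file.
            max_open_conns = 90;
          };
          # Server signing key.  workingDir is a string, not a Nix path, so
          # the key is referenced in place rather than copied into the
          # world-readable Nix store.
          # NOTE(review): verify the file is readable by the dendrite user
          # only and is covered by backups.
          private_key = "${workingDir}/matrix_key.pem";
          server_name = domain;
          # No third-party identity servers are trusted, consistent with
          # the disabled m.identity_server above.
          trusted_third_party_id_servers = [ ];
        };
        key_server.database.connection_string = "";
        media_api = {
          database.connection_string = "";
          # NOTE(review): uploads pass through the nginx /_matrix proxy
          # below, whose client_max_body_size is not set in this file; a
          # smaller proxy limit would reject uploads before this one applies.
          max_file_size_bytes = 123456789;
        };
        mscs = {
          database.connection_string = "";
          mscs = [ "msc2946" ]; # spaces summary
        };
        room_server.database.connection_string = "";
        sync_api = {
          database.connection_string = "";
          search.enabled = true;
        };
        user_api = {
          account_database.connection_string = "";
          device_database.connection_string = "";
        };
      };
    };

    nginx.virtualHosts = {
      # NOTE(review): no enableACME/forceSSL here, although the well-known
      # documents advertise https and port 443; presumably another module
      # configures TLS for this virtual host -- confirm.
      "${domain}".locations = {
        "= /.well-known/matrix/client" = wellKnown client;
        "= /.well-known/matrix/server" = wellKnown server;
        # Client-server and federation traffic is handed to Dendrite over
        # plain HTTP on the loopback interface.
        "/_matrix".proxyPass = let
          port = toString config.services.dendrite.httpPort;
        in "http://localhost:${port}";
      };

      # Element Web.
      # NOTE(review): no X-Frame-Options, X-Content-Type-Options or
      # Content-Security-Policy frame-ancestors headers are sent for this
      # host; Element's deployment guidance recommends them against
      # clickjacking.  If they are added at server level, repeat them in the
      # no-cache locations, since a location with its own add_header does
      # not inherit the outer ones.
      "than.${domain}" = {
        enableACME = true;
        forceSSL = true;
        locations = let
          # Entry points that must be revalidated on every load so clients
          # do not keep running a stale build or configuration.
          noCache = {
            extraConfig = ''
              add_header Cache-Control "no-cache";
            '';
          };
        in {
          "/index.html" = noCache;
          "/version" = noCache;
          "/config" = noCache; # prefix match, so it also covers /config.json
        };
        root = pkgs.element-web.override {
          conf = {
            default_server_config = client;
            default_theme = "dark";
            features.feature_latex_maths = true;
            # NOTE(review): hard-coded rather than derived from `domain`;
            # presumably the same value -- confirm.
            room_directory.servers = [ "loang.net" ];
          };
        };
      };
    };

    postgresql = {
      ensureDatabases = [ "dendrite" ];
      ensureUsers = [ {
        name = "dendrite";
        ensureDBOwnership = true;
      } ];
    };
    postgresqlBackup.databases = [ "dendrite" ];
  };

  # Run Dendrite as the static account declared below instead of a systemd
  # dynamic user; presumably so the database role and the files under
  # workingDir keep a stable owner -- confirm.
  systemd.services.dendrite.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "dendrite";
    Group = "dendrite";
  };

  users = {
    users.dendrite = {
      isSystemUser = true;
      group = "dendrite";
      home = workingDir;
    };
    groups.dendrite = {};
  };
}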