Diffstat (limited to 'hosts/kay/modules')
-rw-r--r--hosts/kay/modules/cgit.nix28
-rw-r--r--hosts/kay/modules/dendrite.nix109
-rw-r--r--hosts/kay/modules/www.nix47
3 files changed, 184 insertions, 0 deletions
diff --git a/hosts/kay/modules/cgit.nix b/hosts/kay/modules/cgit.nix
new file mode 100644
index 0000000..e4bed68
--- /dev/null
+++ b/hosts/kay/modules/cgit.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+let
+ domain = config.userdata.domain;
+ user = config.userdata.user;
+in
+{
+ services = {
+ nginx.virtualHosts."git.${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ cgit."git.${domain}" = {
+ enable = true;
+ nginx.virtualHost = "git.${domain}";
+ scanPath = "/var/lib/git";
+ settings = {
+ project-list = "/var/lib/git/project.list";
+ remove-suffix = 1;
+ enable-commit-graph = 1;
+ root-title = "${user}'s git server";
+ root-desc = "how do i learn github anon";
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ clone-url = "https://git.${domain}/$CGIT_REPO_URL";
+ };
+ };
+ };
+}
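Review bot: Nothing in the `cgit."git.${domain}"` block says which repositories end up public, and the answer depends on `project-list` narrowing `scanPath`. cgit's documentation requires `project-list` to be defined before `scan-path`, so it is worth confirming that the generated cgitrc emits them in that order; if it does not, every repository under `/var/lib/git` is listed rather than only those in `project.list`. I would add a comment above `scanPath` such as `# Only repos named in project.list are published; each one is world-readable and cloneable over HTTPS.` so that adding a private repository to that directory is a deliberate decision.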
diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix
new file mode 100644
index 0000000..4ec2bb3
--- /dev/null
+++ b/hosts/kay/modules/dendrite.nix
@@ -0,0 +1,109 @@
+{ config, lib, pkgs, ... }:
+
+let
+ domain = config.userdata.domain;
+ database = {
+ connection_string = "postgres:///dendrite?host=/run/postgresql";
+ max_open_conns = 90;
+ max_idle_conns = 5;
+ conn_max_lifetime = -1;
+ };
+in
+{
+ sops.secrets."misc/matrix-${domain}" = {};
+
+ services = {
+ postgresql = {
+ enable = true;
+ package = with pkgs; postgresql_15;
+ settings = {
+ log_timezone = config.time.timeZone;
+ listen_addresses = lib.mkForce "";
+ };
+ ensureDatabases = [ "dendrite" ];
+ ensureUsers = [
+ {
+ name = "dendrite";
+ ensurePermissions."DATABASE dendrite" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+
+ dendrite = {
+ enable = true;
+ loadCredential = [
+ "private_key:${config.sops.secrets."misc/matrix-${domain}".path}"
+ ];
+
+ settings = {
+ sync_api.search = {
+ enable = true;
+ index_path = "/var/lib/dendrite/searchindex";
+ };
+ global = {
+ server_name = domain;
+ private_key = "$CREDENTIALS_DIRECTORY/private_key";
+ trusted_third_party_id_servers = [
+ "matrix.org"
+ "vector.im"
+ ];
+ inherit database;
+ };
+ logging = [{
+ type = "std";
+ level = "warn";
+ }];
+ mscs = {
+ inherit database;
+ mscs = [ "msc2836" ];
+ };
+ sync_api = {
+ inherit database;
+ real_ip_header = "X-Real-IP";
+ };
+ media_api = {
+ inherit database;
+ dynamic_thumbnails = true;
+ max_file_size_bytes = 12800000000;
+ };
+ federation_api = {
+ inherit database;
+ send_max_retries = 8;
+ key_perspectives = [{
+ server_name = "matrix.org";
+ keys = [
+ {
+ key_id = "ed25519:auto";
+ public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
+ }
+ {
+ key_id = "ed25519:a_RXGa";
+ public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
+ }
+ ];
+ }];
+ };
+
+ app_service_api = {
+ inherit database;
+ };
+ room_server = {
+ inherit database;
+ };
+ push_server = {
+ inherit database;
+ };
+ relay_api = {
+ inherit database;
+ };
+ key_server = {
+ inherit database;
+ };
+ user_api = {
+ account_database = database;
+ device_database = database;
+ };
+ };
+ };
+ };
+}
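Review bot: `max_file_size_bytes = 12800000000;` in `media_api` allows roughly 12.8 GB per upload, which looks like more zeros than intended. www.nix feeds the same value into nginx's `client_max_body_size`, so nothing in front of Dendrite caps uploads lower. On a public homeserver that leaves disk exhaustion open to any account that can upload media. If 128 MB was meant, `max_file_size_bytes = 128000000;` corrects both places at once; otherwise a comment stating the intended ceiling, and how the media store is kept from filling the disk, would help.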
diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix
new file mode 100644
index 0000000..08548e8
--- /dev/null
+++ b/hosts/kay/modules/www.nix
@@ -0,0 +1,47 @@
+{ config, ... }:
+
+let
+ domain = config.userdata.domain;
+ email = config.userdata.email;
+in
+{
+ imports = [
+ ./dendrite.nix
+ ./cgit.nix
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = email;
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ globalRedirect = "www.${domain}";
+
+ extraConfig = ''
+ client_max_body_size ${toString config.services.dendrite.settings.media_api.max_file_size_bytes};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_read_timeout 600;
+ '';
+ locations."/_matrix" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
+ };
+ locations."/.well-known/matrix/server".return = ''
+ 200 '{ "m.server": "${domain}:443" }'
+ '';
+ };
+ "www.${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ root = "/var/www/${domain}";
+ };
+ };
+ };
+}
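Review bot: The two `proxy_set_header` lines in the apex vhost's `extraConfig` sit at server level, and nginx inherits them into a location only while that location defines no `proxy_set_header` of its own. dendrite.nix sets `real_ip_header = "X-Real-IP"`, so if `/_matrix` later gains its own header directive, the overwrite with `$remote_addr` is silently dropped and Dendrite would presumably take a client-supplied X-Real-IP as the client address. Moving both headers into `locations."/_matrix".extraConfig` keeps the overwrite next to the `proxyPass` it protects. The header is trustworthy only if Dendrite's HTTP port is reachable solely through nginx; `allowedTCPPorts` here opens just 80 and 443, but other modules can add to that list, so the listener's bind address is worth confirming.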