diff options
Diffstat (limited to 'hosts/kay/modules')
| -rw-r--r-- | hosts/kay/modules/cgit.nix | 28 | ||||
| -rw-r--r-- | hosts/kay/modules/dendrite.nix | 109 | ||||
| -rw-r--r-- | hosts/kay/modules/www.nix | 47 |
3 files changed, 184 insertions, 0 deletions
diff --git a/hosts/kay/modules/cgit.nix b/hosts/kay/modules/cgit.nix new file mode 100644 index 0000000..e4bed68 --- /dev/null +++ b/hosts/kay/modules/cgit.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: + +let + domain = config.userdata.domain; + user = config.userdata.user; +in +{ + services = { + nginx.virtualHosts."git.${domain}" = { + forceSSL = true; + enableACME = true; + }; + cgit."git.${domain}" = { + enable = true; + nginx.virtualHost = "git.${domain}"; + scanPath = "/var/lib/git"; + settings = { + project-list = "/var/lib/git/project.list"; + remove-suffix = 1; + enable-commit-graph = 1; + root-title = "${user}'s git server"; + root-desc = "how do i learn github anon"; + source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py"; + clone-url = "https://git.${domain}/$CGIT_REPO_URL"; + }; + }; + }; +} diff --git a/hosts/kay/modules/dendrite.nix b/hosts/kay/modules/dendrite.nix new file mode 100644 index 0000000..4ec2bb3 --- /dev/null +++ b/hosts/kay/modules/dendrite.nix @@ -0,0 +1,109 @@ +{ config, lib, pkgs, ... }: + +let + domain = config.userdata.domain; + database = { + connection_string = "postgres:///dendrite?host=/run/postgresql"; + max_open_conns = 90; + max_idle_conns = 5; + conn_max_lifetime = -1; + }; +in +{ + sops.secrets."misc/matrix-${domain}" = {}; + + services = { + postgresql = { + enable = true; + package = with pkgs; postgresql_15; + settings = { + log_timezone = config.time.timeZone; + listen_addresses = lib.mkForce ""; + }; + ensureDatabases = [ "dendrite" ]; + ensureUsers = [ + { + name = "dendrite"; + ensurePermissions."DATABASE dendrite" = "ALL PRIVILEGES"; + } + ]; + }; + + dendrite = { + enable = true; + loadCredential = [ + "private_key:${config.sops.secrets."misc/matrix-${domain}".path}" + ]; + + settings = { + sync_api.search = { + enable = true; + index_path = "/var/lib/dendrite/searchindex"; + }; + global = { + server_name = domain; + private_key = "$CREDENTIALS_DIRECTORY/private_key"; + trusted_third_party_id_servers = [ + "matrix.org" + "vector.im" + ]; + inherit database; + }; + logging = [{ + type = "std"; + level = "warn"; + }]; + mscs = { + inherit database; + mscs = [ "msc2836" ]; + }; + sync_api = { + inherit database; + real_ip_header = "X-Real-IP"; + }; + media_api = { + inherit database; + dynamic_thumbnails = true; + max_file_size_bytes = 12800000000; + }; + federation_api = { + inherit database; + send_max_retries = 8; + key_perspectives = [{ + server_name = "matrix.org"; + keys = [ + { + key_id = "ed25519:auto"; + public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; + } + { + key_id = "ed25519:a_RXGa"; + public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; + } + ]; + }]; + }; + + app_service_api = { + inherit database; + }; + room_server = { + inherit database; + }; + push_server = { + inherit database; + }; + relay_api = { + inherit database; + }; + key_server = { + inherit database; + }; + user_api = { + account_database = database; + device_database = database; + }; + }; + }; + }; +} diff --git a/hosts/kay/modules/www.nix b/hosts/kay/modules/www.nix new file mode 100644 index 0000000..08548e8 --- /dev/null +++ b/hosts/kay/modules/www.nix @@ -0,0 +1,47 @@ +{ config, ... }: + +let + domain = config.userdata.domain; + email = config.userdata.email; +in +{ + imports = [ + ./dendrite.nix + ./cgit.nix + ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme = { + acceptTerms = true; + defaults.email = email; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "${domain}" = { + forceSSL = true; + enableACME = true; + globalRedirect = "www.${domain}"; + + extraConfig = '' + client_max_body_size ${toString config.services.dendrite.settings.media_api.max_file_size_bytes}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_read_timeout 600; + ''; + locations."/_matrix" = { + proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}"; + }; + locations."/.well-known/matrix/server".return = '' + 200 '{ "m.server": "${domain}:443" }' + ''; + }; + "www.${domain}" = { + forceSSL = true; + enableACME = true; + root = "/var/www/${domain}"; + }; + }; + }; +} |