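# Continuwuity (Matrix homeserver) for zaphyra.eu, published together with the
# Cinny web client on continuwuity.zaphyra.eu. The module wires up the DNS
# record, the sops secrets for restic, the backup job, the homeserver settings
# and the nginx virtual hosts.
{
  npins,
  config,
  lib,
  pkgs,
  ...
}:
let
  site = config.zpha.websites."continuwuity.zaphyra.eu";
  homeserver = config.services.matrix-continuwuity.settings.global;

  # State directory of the homeserver (database and media).
  stateDir = "/var/lib/private/continuwuity";

  # Both virtual hosts forward /_matrix to the homeserver, which listens on
  # loopback only (see `address` below), so nginx is the sole entry point.
  matrixProxy = {
    proxyPass = "http://[::1]:${toString homeserver.port}";
    proxyWebsockets = true;
  };

  matrixServerConfig = {
    "m.server" = "continuwuity.zaphyra.eu:443";
  };

  matrixClientConfig = {
    "m.homeserver".base_url = "https://continuwuity.zaphyra.eu/";
    "org.matrix.msc4143.rtc_foci" = [
      {
        type = "livekit";
        livekit_service_url = "https://livekit.rtc.matrix.nwex.de";
      }
    ];
  };

  # nginx snippet that answers a Matrix discovery request with `payload`
  # rendered as JSON. The documents are public and unauthenticated, so the
  # wildcard CORS origin exposes nothing a direct fetch would not.
  # NOTE(review): `add_header Content-Type` is sent in addition to the type
  # nginx derives from default_type; `default_type application/json;` is the
  # usual way to set it. Confirm the response carries a single Content-Type.
  wellKnown = payload: ''
    add_header Content-Type application/json;
    add_header "Access-Control-Allow-Origin" "*";
    add_header "Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, OPTIONS";
    add_header "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Authorization";
    return 200 '${builtins.toJSON payload}';
  '';
in
{
  options.zpha.websites."continuwuity.zaphyra.eu".enable = lib.mkEnableOption "";

  config = lib.mkIf site.enable {
    dns.zones."zaphyra.eu".subdomains."continuwuity".CNAME = [ "${config.networking.fqdn}." ];

    # Repository password and SSH key for the restic job, decrypted by sops at
    # activation; only their paths are referenced, never their contents.
    sops.secrets = {
      "restic/continuwuity/repositoryPassword" = { };
      "restic/continuwuity/sshPrivateKey" = { };
    };

    common = {
      configure.persist.system.dirs = [ stateDir ];

      services.resticBackup.continuwuity = {
        enable = true;
        targets = [
          "restic-target.fc9f.de"
          "isodon.fc9f.de"
        ];
        sshKeyFile = config.sops.secrets."restic/continuwuity/sshPrivateKey".path;
        passwordFile = config.sops.secrets."restic/continuwuity/repositoryPassword".path;
        paths = [ stateDir ];

        # Stop the homeserver so the database is copied in a consistent state.
        # The exclude is anchored at the root of the transfer: the source has
        # no trailing slash, so entries appear as /continuwuity/..., and the
        # absolute path used before matched nothing (media was copied too).
        # NOTE(review): the copy lands in a fixed path under /tmp, which is not
        # listed in `paths`, so it is only backed up if the resticBackup module
        # picks it up elsewhere - confirm. The copy also leaves the protection
        # of the /var/lib/private parent and relies on the directory's own
        # mode; a root-only location would be safer for database contents.
        # NOTE(review): if this hook runs with errexit, a failing rsync leaves
        # the homeserver stopped - verify how the module invokes it.
        runBeforeBackup = ''
          systemctl stop continuwuity
          ${lib.getExe pkgs.rsync} -a --exclude /continuwuity/media ${stateDir} /tmp/continuwuity-database
          systemctl start continuwuity
        '';
      };
    };

    services.matrix-continuwuity = {
      enable = true;
      package =
        # (npins.continuwuity).outputs.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs
        pkgs.unstable.matrix-continuwuity;
      settings = {
        global = {
          # Loopback only: clients and federation reach the server via nginx.
          address = [ "::1" ];
          # Notary servers consulted for other homeservers' signing keys.
          trusted_servers = [
            "matrix.org"
            "tchncs.de"
          ];
          server_name = "zaphyra.eu";
          # Closed instance: no self-service account creation.
          allow_registration = false;
          log_to_journald = true;
        };
      };
    };

    services.nginx.virtualHosts = {
      # Delegation host (the bare server_name): serves the discovery documents
      # that point federation and clients at continuwuity.zaphyra.eu.
      # NOTE(review): no TLS options are set for this host here; presumably
      # another module configures them - confirm.
      "${homeserver.server_name}" = {
        locations = {
          "= /.well-known/matrix/server".extraConfig = wellKnown matrixServerConfig;
          "= /.well-known/matrix/client".extraConfig = wellKnown matrixClientConfig;
          "/_matrix" = matrixProxy;
        };
      };

      "continuwuity.zaphyra.eu" = {
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        locations = {
          "/_matrix" = matrixProxy;
          "/".root = pkgs.cinny.override {
            conf = {
              defaultHomeserver = 0;
              homeserverList = [ homeserver.server_name ];
              hashRouter.enabled = true;
              # Was misspelled `allowCustomHomesevrers`, a key Cinny does not
              # read, so the restriction to the listed homeserver never applied.
              allowCustomHomeservers = false;
            };
          };
        };
      };
    };
  };
}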