
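# Matrix homeserver (continuwuity) for the zaphyra.eu server_name, reachable as
# continuwuity.zaphyra.eu. Also wires up the DNS CNAME, the .well-known
# delegation on the server_name host, the Cinny web client at "/", and a restic
# backup of the homeserver state directory.
{
  npins,
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.zpha.websites."continuwuity.zaphyra.eu";
  global = config.services.matrix-continuwuity.settings.global;

  # State directory of the continuwuity service (database and media).
  # /var/lib/private is where systemd keeps DynamicUser state — presumably the
  # case here; confirm against the continuwuity module.
  stateDir = "/var/lib/private/continuwuity";
  # Where runBeforeBackup places a copy of the state directory (media excluded).
  snapshotDir = "/tmp/continuwuity-database";
in
{

  options.zpha.websites."continuwuity.zaphyra.eu".enable = lib.mkEnableOption "";

  config = lib.mkIf cfg.enable {
    dns.zones."zaphyra.eu".subdomains."continuwuity".CNAME = [ "${config.networking.fqdn}." ];

    sops.secrets = {
      "restic/continuwuity/repositoryPassword" = { };
      "restic/continuwuity/sshPrivateKey" = { };
    };

    common = {
      configure.persist.system.dirs = [ stateDir ];

      services.resticBackup.continuwuity = {
        enable = true;
        targets = [
          "restic-target.fc9f.de"
          "isodon.fc9f.de"
        ];
        sshKeyFile = config.sops.secrets."restic/continuwuity/sshPrivateKey".path;
        passwordFile = config.sops.secrets."restic/continuwuity/repositoryPassword".path;
        paths = [ stateDir ];
        # The service is stopped only for the duration of the copy, so the copy
        # in snapshotDir is taken from a quiescent database.
        #
        # NOTE(review): `paths` still backs up the live stateDir, not snapshotDir,
        # so the snapshot is made but never shipped, and nothing here removes it
        # afterwards; decide which of the two is meant to go into the
        # repository. snapshotDir also sits in the shared /tmp (possibly tmpfs on
        # this host); a directory under /var that only root can read would be a
        # safer home for a copy of the homeserver database — confirm what hooks
        # the resticBackup module offers before moving it.
        #
        # rsync anchors a leading "/" in --exclude at the root of the transfer,
        # which for a source given without a trailing slash is the *parent* of
        # stateDir, so the former full absolute path never matched and media was
        # copied too. The pattern has to be "/<basename of stateDir>/media".
        runBeforeBackup = ''
          systemctl stop continuwuity
          ${lib.getExe pkgs.rsync} -a --exclude "/${baseNameOf stateDir}/media" ${stateDir} ${snapshotDir}
          systemctl start continuwuity
        '';
      };
    };

    services.matrix-continuwuity = {
      enable = true;
      package =
        # (npins.continuwuity).outputs.packages.${pkgs.stdenv.hostPlatform.system}.default.overrideAttrs
        pkgs.unstable.matrix-continuwuity;
      settings = {
        global = {
          # Loopback only; nginx terminates TLS and proxies /_matrix (below).
          address = [ "::1" ];
          # Notary servers consulted for other homeservers' signing keys.
          trusted_servers = [
            "matrix.org"
            "tchncs.de"
          ];
          server_name = "zaphyra.eu";
          # No open registration.
          allow_registration = false;
          log_to_journald = true;
        };
      };
    };

    services.nginx.virtualHosts =
      let
        # Federation delegation: other homeservers reach zaphyra.eu via this host.
        matrixServerConfig = {
          "m.server" = "continuwuity.zaphyra.eu:443";
        };
        # Client discovery, including the MSC4143 RTC focus used for calls.
        matrixClientConfig = {
          "m.homeserver".base_url = "https://continuwuity.zaphyra.eu/";
          "org.matrix.msc4143.rtc_foci" = [
            {
              type = "livekit";
              livekit_service_url = "https://livekit.rtc.matrix.nwex.de";
            }
          ];
        };

        # Static JSON .well-known response, with the CORS headers the Matrix spec
        # recommends for browser clients. Shared by both endpoints below.
        wellKnown = body: ''
          add_header Content-Type application/json;
          add_header "Access-Control-Allow-Origin" "*";
          add_header "Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, OPTIONS";
          add_header "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Authorization";
          return 200 '${builtins.toJSON body}';
        '';

        # Reverse proxy to the homeserver; identical on both virtual hosts.
        matrixProxy = {
          proxyPass = "http://[::1]:${toString global.port}";
          proxyWebsockets = true;
        };
      in
      {
        ${global.server_name} = {
          locations = {
            "= /.well-known/matrix/server".extraConfig = wellKnown matrixServerConfig;
            "= /.well-known/matrix/client".extraConfig = wellKnown matrixClientConfig;
            "/_matrix" = matrixProxy;
          };
        };
        "continuwuity.zaphyra.eu" = {
          useACMEHost = config.networking.fqdn;
          forceSSL = true;
          kTLS = true;
          locations = {
            "/_matrix" = matrixProxy;
            # Cinny web client, pinned to this homeserver.
            "/".root = pkgs.cinny.override {
              conf = {
                defaultHomeserver = 0;
                homeserverList = [ global.server_name ];
                hashRouter.enabled = true;
                # Was misspelled "allowCustomHomesevrers", a key Cinny does not
                # read, so the homeserver picker still accepted arbitrary servers.
                allowCustomHomeservers = false;
              };
            };
          };
        };
      };
  };

}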