+35

nixos/profiles/server.nix

··· 70 70 authelia-port = 3008; 71 71 authelia-hostname = "auth.wiro.world"; 72 72 73 73 + matrix-port = 3009; 74 74 + matrix-hostname = "matrix.wiro.world"; 75 75 + 73 76 prometheus-port = 9001; 74 77 prometheus-node-exporter-port = 9002; 75 78 headscale-metrics-port = 9003; ··· 182 185 } 183 186 '' + 184 187 '' 188 188 + reverse_proxy /.well-known/matrix/* http://localhost:${toString matrix-port} 189 189 + '' + 190 190 + '' 185 191 reverse_proxy https://mrnossiom.github.io { 186 192 header_up Host {http.request.host} 187 193 } ··· 221 227 222 228 virtualHosts.${authelia-hostname}.extraConfig = '' 223 229 reverse_proxy http://localhost:${toString authelia-port} 230 230 + ''; 231 231 + 232 232 + virtualHosts.${matrix-hostname}.extraConfig = '' 233 233 + reverse_proxy /_matrix/* http://localhost:${toString matrix-port} 224 234 ''; 225 235 }; 226 236 ··· 457 467 }; 458 468 }; 459 469 }; 470 470 + 471 471 + age.secrets.matrix-env.file = ../../secrets/matrix-env.age; 472 472 + services.matrix-conduit = { 473 473 + enable = true; 474 474 + package = upkgs.matrix-conduit; 475 475 + 476 476 + settings.global = { 477 477 + address = "127.0.0.1"; 478 478 + port = matrix-port; 479 479 + 480 480 + server_name = "wiro.world"; 481 481 + well_known = { 482 482 + client = "https://matrix.wiro.world"; 483 483 + server = "matrix.wiro.world:443"; 484 484 + }; 485 485 + 486 486 + database_backend = "sqlite"; 487 487 + enable_lightning_bolt = false; 488 488 + 489 489 + # Set in `CONDUIT_REGISTRATION_TOKEN` 490 490 + # registration_token = ...; 491 491 + allow_registration = true; 492 492 + }; 493 493 + }; 494 494 + systemd.services.conduit.serviceConfig.EnvironmentFile = config.age.secrets.matrix-env.path; 460 495 }; 461 496 }

+9

secrets/matrix-env.age

··· 1 1 + age-encryption.org/v1 2 2 + -> ssh-ed25519 sMF1bg ynWhH67Y3AynyxoD9WmVKgNTAyb7ktUYUkRniXvfslw 3 3 + hlN/NsBEhTwkeaSdCd6uj/U2X9wi/cFwwjIhDUYWtYQ 4 4 + -> ssh-ed25519 SmMcWg SXQ91ashcl6UJMPAV/7mI950cczhMAJrjcnkdck8DWw 5 5 + mndS8XyN+e1A4WRCU9dJ6bF50wrFnK6GPaJy/HJyMMA 6 6 + -> ssh-ed25519 Q8rMFA g3PNPWKFO8Rf473kBaTuZUnalCI7b8Wl6W9qA7ldv2M 7 7 + 9UfrXGhwc5Fn42UFr1sHIvtFp0QeqAvu4bhkjEolTZs 8 8 + --- vzV9NNriSPI4sc2eiJZ0HlxGG9f+BRwsALPWdmEoG84 9 9 + �m�eqW{kU����/���mb[\���F*<,02MM���x�0��)��+��Zy�Ws-0e��o6Uv�o��0o W>"S��� 8�(#

+2

secrets/secrets.nix

··· 28 28 "authelia-storage-key.age".publicKeys = deploy; 29 29 "authelia-ldap-password.age".publicKeys = deploy; 30 30 "authelia-smtp-password.age".publicKeys = deploy; 31 31 + # Defines `CONDUIT_REGISTRATION_TOKEN` 32 32 + "matrix-env.age".publicKeys = deploy; 31 33 32 34 # Not used in config but useful 33 35 "pgp-ca5e.age".publicKeys = users;