dotfiles/modules/services/dendrite.nix

{ pkgs, config, lib, options, ... }:

with lib;
let
  cfg = config.modules.services.dendrite;
  fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
  maxUploadMegabytes = 600;
in {
  options.modules.services.dendrite = {
    enable = mkOption {
      type = types.bool;
      default = false;
    };

    hostDomain = mkOption {
      type = types.str;
      default = null;
    };

    prefix = mkOption {
      type = types.str;
      default = "matrix";
    };

    port = mkOption {
      type = types.port;
      default = 8008;
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      { assertion = cfg.hostDomain != null;
        description = "@config.modules.services.dendrite.hostDomain@ must not equal null";
      }
    ];

    services.dendrite = {
      enable = true;
      httpPort = cfg.port;
      # httpsPort = cfg.port;
      tlsCert = "/var/lib/dendrite_keys/server.crt";
      tlsKey = "/var/lib/dendrite_keys/server.key";
      loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
      environmentFile = "/var/lib/dendrite_keys/registration_secret";
      settings = {
        global = {
          server_name = cfg.hostDomain;
          private_key = "/var/lib/dendrite_keys/private/private_key.pem";
          presence = {
            enable_inbound = true;
            enable_outbound = true;
          };
        };
        client_api = {
          registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
        };
        media_api = {
          max_file_size_bytes = maxUploadMegabytes;
          dynamic_thumbnails = true;
        };
      };

    };

    services.nginx.virtualHosts."${fullDomain}" = {
      forceSSL = true;
      enableACME = true;

      #listen = [
      #  { addr = "0.0.0.0";
      #    port = 443;
      #    ssl = true;
      #  }
      #  { addr = "[::]";
      #    port = 443;
      #    ssl = true;
      #  }
      #];

      locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
      #locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";

      extraConfig = ''
        proxy_set_header Host $host;
        proxy_set_header X-RealIP $remote_addr;
        proxy_read_timeout 600;
        client_max_body_size ${toString maxUploadMegabytes}M;
      '';
    };

    services.nginx.virtualHosts."${cfg.hostDomain}" = {
      forceSSL = true;
      enableACME = true;

      locations."/.well-known/matrix/server".return = "200 '{ \"m.server\": \"${fullDomain}:443\"}'";

	    # locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
      locations."/.well-known/matrix/client".extraConfig = ''
        add_header Access-Control-Allow-Origin '*';
        return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
      '';
    };

    networking.firewall.allowedTCPPorts = [ 80 443 ];
    networking.firewall.allowedUDPPorts = [ 80 443 ];
  };
}
dendrite stuff 2023-09-23 12:02:09 +02:00			`{ pkgs, config, lib, options, ... }:`

			`with lib;`
			`let`
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`cfg = config.modules.services.dendrite;`
			`fullDomain = "${cfg.prefix}.${cfg.hostDomain}";`
dendrite stuff 2023-09-23 12:02:09 +02:00			`maxUploadMegabytes = 600;`
			`in {`
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`options.modules.services.dendrite = {`
			`enable = mkOption {`
			`type = types.bool;`
			`default = false;`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`hostDomain = mkOption {`
			`type = types.str;`
			`default = null;`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`prefix = mkOption {`
			`type = types.str;`
			`default = "matrix";`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`port = mkOption {`
			`type = types.port;`
			`default = 8008;`
			`};`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`config = mkIf cfg.enable {`
			`assertions = [`
			`{ assertion = cfg.hostDomain != null;`
			`description = "@config.modules.services.dendrite.hostDomain@ must not equal null";`
			`}`
			`];`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`services.dendrite = {`
			`enable = true;`
			`httpPort = cfg.port;`
			`# httpsPort = cfg.port;`
			`tlsCert = "/var/lib/dendrite_keys/server.crt";`
			`tlsKey = "/var/lib/dendrite_keys/server.key";`
			`loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];`
			`environmentFile = "/var/lib/dendrite_keys/registration_secret";`
			`settings = {`
			`global = {`
			`server_name = cfg.hostDomain;`
			`private_key = "/var/lib/dendrite_keys/private/private_key.pem";`
			`presence = {`
			`enable_inbound = true;`
			`enable_outbound = true;`
			`};`
			`};`
			`client_api = {`
			`registration_shared_secret = "$REGISTRATION_SHARED_SECRET";`
			`};`
			`media_api = {`
			`max_file_size_bytes = maxUploadMegabytes;`
			`dynamic_thumbnails = true;`
			`};`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`services.nginx.virtualHosts."${fullDomain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`#listen = [`
			`# { addr = "0.0.0.0";`
			`# port = 443;`
			`# ssl = true;`
			`# }`
			`# { addr = "[::]";`
			`# port = 443;`
			`# ssl = true;`
			`# }`
			`#];`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";`
			`#locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`extraConfig = ''`
			`proxy_set_header Host $host;`
			`proxy_set_header X-RealIP $remote_addr;`
			`proxy_read_timeout 600;`
			`client_max_body_size ${toString maxUploadMegabytes}M;`
			`'';`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`services.nginx.virtualHosts."${cfg.hostDomain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`locations."/.well-known/matrix/server".return = "200 '{ \"m.server\": \"${fullDomain}:443\"}'";`
dendrite stuff 2023-09-23 12:02:09 +02:00
dendrite & nextcloud stuff, jillo.oat.zone 2023-11-24 08:48:12 +01:00			`# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";`
			`locations."/.well-known/matrix/client".extraConfig = ''`
			`add_header Access-Control-Allow-Origin '*';`
			`return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';`
			`'';`
			`};`

			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
			`networking.firewall.allowedUDPPorts = [ 80 443 ];`
			`};`
dendrite stuff 2023-09-23 12:02:09 +02:00			`}`