dendrite & nextcloud stuff, jillo.oat.zone

2023-11-24 08:48:12 +01:00 · 2023-11-24 08:48:12 +01:00 · 749bbcd236
parent c2837a6ac0
commit 749bbcd236
4 changed files with 108 additions and 83 deletions
--- a/hosts/lucent-firepit/default.nix
+++ b/hosts/lucent-firepit/default.nix
@ -174,6 +174,11 @@ in {
        dataDir = "/var/lib/terraria";
      };
      nextcloud = {
        enable = true;
        domain = "nextcloud.dark-firepit.cloud";
      };
      jmusicbot = let
        baseOptions = {
          owner = 276416332894044160;
--- a/hosts/lucent-firepit/webapps/default.nix
+++ b/hosts/lucent-firepit/webapps/default.nix
@ -151,6 +151,14 @@ in {
            proxyPass = "http://127.0.0.1:3436/";
          };
        };
        # todo: move to flake
        "jillo.oat.zone" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:15385/";
          };
        };
        "drawdog.oat.zone" = {
          enableACME = true;
          forceSSL = true;
--- a/modules/services/dendrite.nix
+++ b/modules/services/dendrite.nix
@ -3,7 +3,7 @@
 with lib;
 let
  cfg = config.modules.services.dendrite;
-	fullDomain = "matrix." + cfg.hostDomain;
+  fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
  maxUploadMegabytes = 600;
 in {
  options.modules.services.dendrite = {
@ -17,6 +17,11 @@ in {
      default = null;
    };
    prefix = mkOption {
      type = types.str;
      default = "matrix";
    };
    port = mkOption {
      type = types.port;
      default = 8008;
@ -34,7 +39,7 @@ in {
      enable = true;
      httpPort = cfg.port;
      # httpsPort = cfg.port;
-			tlsCert = "/var/lib/dendrite_keys/server.cert";
+      tlsCert = "/var/lib/dendrite_keys/server.crt";
      tlsKey = "/var/lib/dendrite_keys/server.key";
      loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
      environmentFile = "/var/lib/dendrite_keys/registration_secret";
@ -62,18 +67,19 @@ in {
      forceSSL = true;
      enableACME = true;
-			listen = [
+      #listen = [
-				{ addr = "0.0.0.0";
+      #  { addr = "0.0.0.0";
-					port = 443;
+      #    port = 443;
-					ssl = true;
+      #    ssl = true;
-				}
+      #  }
-				{ addr = "[::]";
+      #  { addr = "[::]";
-					port = 443;
+      #    port = 443;
-					ssl = true;
+      #    ssl = true;
-				}
+      #  }
-			];
+      #];
      locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
      #locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";
      extraConfig = ''
        proxy_set_header Host $host;
@ -92,7 +98,7 @@ in {
 	    # locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
      locations."/.well-known/matrix/client".extraConfig = ''
        add_header Access-Control-Allow-Origin '*';
-				return 200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }';
+        return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
      '';
    };
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@ -12,7 +12,7 @@ in {
    package = mkOption {
      type = types.package;
-      default = pkgs.nextcloud24;
+      default = pkgs.nextcloud27;
    };
    domain = mkOption {
@ -28,10 +28,16 @@ in {
      }
    ];
    # vomit inducing
    # nixpkgs.config.permittedInsecurePackages = [
    #   "openssl-1.1.1w"
    # ];
    services.nextcloud = {
      enable = true;
      package = cfg.package;
      hostName = cfg.domain;
      enableBrokenCiphersForSSE = false;
      config = {
        dbtype = "pgsql";
        dbuser = "nextcloud";