dendrite & nextcloud stuff, jillo.oat.zone
This commit is contained in:
parent
c2837a6ac0
commit
749bbcd236
|
@ -174,6 +174,11 @@ in {
|
||||||
dataDir = "/var/lib/terraria";
|
dataDir = "/var/lib/terraria";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
domain = "nextcloud.dark-firepit.cloud";
|
||||||
|
};
|
||||||
|
|
||||||
jmusicbot = let
|
jmusicbot = let
|
||||||
baseOptions = {
|
baseOptions = {
|
||||||
owner = 276416332894044160;
|
owner = 276416332894044160;
|
||||||
|
|
|
@ -151,6 +151,14 @@ in {
|
||||||
proxyPass = "http://127.0.0.1:3436/";
|
proxyPass = "http://127.0.0.1:3436/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# todo: move to flake
|
||||||
|
"jillo.oat.zone" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:15385/";
|
||||||
|
};
|
||||||
|
};
|
||||||
"drawdog.oat.zone" = {
|
"drawdog.oat.zone" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.modules.services.dendrite;
|
cfg = config.modules.services.dendrite;
|
||||||
fullDomain = "matrix." + cfg.hostDomain;
|
fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
|
||||||
maxUploadMegabytes = 600;
|
maxUploadMegabytes = 600;
|
||||||
in {
|
in {
|
||||||
options.modules.services.dendrite = {
|
options.modules.services.dendrite = {
|
||||||
|
@ -17,6 +17,11 @@ in {
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
prefix = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "matrix";
|
||||||
|
};
|
||||||
|
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.port;
|
type = types.port;
|
||||||
default = 8008;
|
default = 8008;
|
||||||
|
@ -34,7 +39,7 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
httpPort = cfg.port;
|
httpPort = cfg.port;
|
||||||
# httpsPort = cfg.port;
|
# httpsPort = cfg.port;
|
||||||
tlsCert = "/var/lib/dendrite_keys/server.cert";
|
tlsCert = "/var/lib/dendrite_keys/server.crt";
|
||||||
tlsKey = "/var/lib/dendrite_keys/server.key";
|
tlsKey = "/var/lib/dendrite_keys/server.key";
|
||||||
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
|
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
|
||||||
environmentFile = "/var/lib/dendrite_keys/registration_secret";
|
environmentFile = "/var/lib/dendrite_keys/registration_secret";
|
||||||
|
@ -62,18 +67,19 @@ in {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
||||||
listen = [
|
#listen = [
|
||||||
{ addr = "0.0.0.0";
|
# { addr = "0.0.0.0";
|
||||||
port = 443;
|
# port = 443;
|
||||||
ssl = true;
|
# ssl = true;
|
||||||
}
|
# }
|
||||||
{ addr = "[::]";
|
# { addr = "[::]";
|
||||||
port = 443;
|
# port = 443;
|
||||||
ssl = true;
|
# ssl = true;
|
||||||
}
|
# }
|
||||||
];
|
#];
|
||||||
|
|
||||||
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||||
|
#locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
@ -92,7 +98,7 @@ in {
|
||||||
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
|
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
|
||||||
locations."/.well-known/matrix/client".extraConfig = ''
|
locations."/.well-known/matrix/client".extraConfig = ''
|
||||||
add_header Access-Control-Allow-Origin '*';
|
add_header Access-Control-Allow-Origin '*';
|
||||||
return 200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }';
|
return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ in {
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.nextcloud24;
|
default = pkgs.nextcloud27;
|
||||||
};
|
};
|
||||||
|
|
||||||
domain = mkOption {
|
domain = mkOption {
|
||||||
|
@ -28,10 +28,16 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# vomit inducing
|
||||||
|
# nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
# "openssl-1.1.1w"
|
||||||
|
# ];
|
||||||
|
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = cfg.package;
|
package = cfg.package;
|
||||||
hostName = cfg.domain;
|
hostName = cfg.domain;
|
||||||
|
enableBrokenCiphersForSSE = false;
|
||||||
config = {
|
config = {
|
||||||
dbtype = "pgsql";
|
dbtype = "pgsql";
|
||||||
dbuser = "nextcloud";
|
dbuser = "nextcloud";
|
||||||
|
|
Loading…
Reference in New Issue