dendrite & nextcloud stuff, jillo.oat.zone

This commit is contained in:
Jill 2023-11-24 08:48:12 +01:00
parent c2837a6ac0
commit 749bbcd236
4 changed files with 108 additions and 83 deletions

View File

@ -174,6 +174,11 @@ in {
dataDir = "/var/lib/terraria"; dataDir = "/var/lib/terraria";
}; };
nextcloud = {
enable = true;
domain = "nextcloud.dark-firepit.cloud";
};
jmusicbot = let jmusicbot = let
baseOptions = { baseOptions = {
owner = 276416332894044160; owner = 276416332894044160;

View File

@ -151,6 +151,14 @@ in {
proxyPass = "http://127.0.0.1:3436/"; proxyPass = "http://127.0.0.1:3436/";
}; };
}; };
# todo: move to flake
"jillo.oat.zone" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:15385/";
};
};
"drawdog.oat.zone" = { "drawdog.oat.zone" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

View File

@ -3,7 +3,7 @@
with lib; with lib;
let let
cfg = config.modules.services.dendrite; cfg = config.modules.services.dendrite;
fullDomain = "matrix." + cfg.hostDomain; fullDomain = "${cfg.prefix}.${cfg.hostDomain}";
maxUploadMegabytes = 600; maxUploadMegabytes = 600;
in { in {
options.modules.services.dendrite = { options.modules.services.dendrite = {
@ -17,6 +17,11 @@ in {
default = null; default = null;
}; };
prefix = mkOption {
type = types.str;
default = "matrix";
};
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 8008; default = 8008;
@ -34,7 +39,7 @@ in {
enable = true; enable = true;
httpPort = cfg.port; httpPort = cfg.port;
# httpsPort = cfg.port; # httpsPort = cfg.port;
tlsCert = "/var/lib/dendrite_keys/server.cert"; tlsCert = "/var/lib/dendrite_keys/server.crt";
tlsKey = "/var/lib/dendrite_keys/server.key"; tlsKey = "/var/lib/dendrite_keys/server.key";
loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ]; loadCredential = [ "private_key:/var/lib/dendrite_keys/private/private_key.pem" ];
environmentFile = "/var/lib/dendrite_keys/registration_secret"; environmentFile = "/var/lib/dendrite_keys/registration_secret";
@ -62,18 +67,19 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
listen = [ #listen = [
{ addr = "0.0.0.0"; # { addr = "0.0.0.0";
port = 443; # port = 443;
ssl = true; # ssl = true;
} # }
{ addr = "[::]"; # { addr = "[::]";
port = 443; # port = 443;
ssl = true; # ssl = true;
} # }
]; #];
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}"; locations."/_matrix".proxyPass = "http://127.0.0.1:${toString cfg.port}";
#locations."/_matrix".proxyPass = "https://localhost:${toString cfg.port}";
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
@ -92,7 +98,7 @@ in {
# locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'"; # locations."/.well-known/matrix/client".return = "200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'";
locations."/.well-known/matrix/client".extraConfig = '' locations."/.well-known/matrix/client".extraConfig = ''
add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Origin '*';
return 200 '{ \"m.homserver\": { \"base_url\": \"https://${cfg.hostDomain}\"} }'; return 200 '{ \"m.homeserver\": { \"base_url\": \"https://${fullDomain}\"} }';
''; '';
}; };

View File

@ -12,7 +12,7 @@ in {
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.nextcloud24; default = pkgs.nextcloud27;
}; };
domain = mkOption { domain = mkOption {
@ -28,10 +28,16 @@ in {
} }
]; ];
# vomit inducing
# nixpkgs.config.permittedInsecurePackages = [
# "openssl-1.1.1w"
# ];
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = cfg.package; package = cfg.package;
hostName = cfg.domain; hostName = cfg.domain;
enableBrokenCiphersForSSE = false;
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
dbuser = "nextcloud"; dbuser = "nextcloud";