2024-06-30 13:51:39 +03:00
|
|
|
{ config, ... }:
|
2024-01-18 21:46:51 +03:00
|
|
|
let
|
2024-03-04 00:00:27 +03:00
|
|
|
cert-fqdn = "ataraxiadev.com";
|
2024-12-28 11:49:23 +03:00
|
|
|
guest-ip = "10.10.10.20";
|
2024-01-18 21:46:51 +03:00
|
|
|
in {
|
|
|
|
|
virtualisation.libvirt.guests.debian-matrix = {
|
|
|
|
|
autoStart = true;
|
|
|
|
|
user = config.mainuser;
|
|
|
|
|
group = "libvirtd";
|
2024-03-04 00:00:27 +03:00
|
|
|
xmlFile = ./vm.xml;
|
2024-01-18 21:46:51 +03:00
|
|
|
};
|
|
|
|
|
|
2024-12-28 11:49:23 +03:00
|
|
|
networking.firewall = {
|
|
|
|
|
allowedTCPPorts = [ 443 8448 ];
|
|
|
|
|
allowedUDPPorts = [ 443 8448 ];
|
2024-01-18 21:46:51 +03:00
|
|
|
};
|
2024-03-04 00:00:27 +03:00
|
|
|
|
|
|
|
|
services.nginx.virtualHosts = let
|
|
|
|
|
proxySettings = ''
|
2024-04-23 21:37:21 +03:00
|
|
|
client_max_body_size 50M;
|
2024-03-04 00:00:27 +03:00
|
|
|
proxy_set_header Host $host;
|
2024-04-23 21:37:21 +03:00
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
2024-03-04 00:00:27 +03:00
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
'';
|
|
|
|
|
default = {
|
|
|
|
|
useACMEHost = cert-fqdn;
|
|
|
|
|
enableACME = false;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
};
|
|
|
|
|
in {
|
2024-12-28 11:49:23 +03:00
|
|
|
"ataraxiadev.com" = {
|
|
|
|
|
locations."/.well-known/matrix" = {
|
|
|
|
|
proxyPass = "http://${guest-ip}:8080";
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
|
proxy_set_header Host matrix.$host;
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-03-04 00:00:27 +03:00
|
|
|
"matrix:443" = {
|
|
|
|
|
serverAliases = [
|
|
|
|
|
"matrix.ataraxiadev.com"
|
|
|
|
|
"element.ataraxiadev.com"
|
|
|
|
|
];
|
|
|
|
|
listen = [{
|
|
|
|
|
addr = "0.0.0.0";
|
|
|
|
|
port = 443;
|
|
|
|
|
ssl = true;
|
2024-04-23 21:37:21 +03:00
|
|
|
} {
|
|
|
|
|
addr = "[::]";
|
|
|
|
|
port = 443;
|
|
|
|
|
ssl = true;
|
2024-03-04 00:00:27 +03:00
|
|
|
}];
|
|
|
|
|
locations."/" = {
|
2024-12-28 11:49:23 +03:00
|
|
|
proxyPass = "http://${guest-ip}:8080";
|
|
|
|
|
extraConfig = proxySettings + ''
|
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
|
|
|
|
|
|
# required for browsers to direct them to quic port
|
|
|
|
|
add_header Alt-Svc 'h3=":443"; ma=86400';
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
locations."/synapse-admin" = {
|
|
|
|
|
proxyPass = "http://${guest-ip}:8080";
|
|
|
|
|
extraConfig = proxySettings + ''
|
2024-04-23 21:37:21 +03:00
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
2024-12-28 11:49:23 +03:00
|
|
|
allow 10.10.10.1/24;
|
|
|
|
|
allow 100.64.0.1/24;
|
|
|
|
|
deny all;
|
|
|
|
|
'';
|
2024-03-04 00:00:27 +03:00
|
|
|
};
|
2024-12-28 11:49:23 +03:00
|
|
|
reuseport = true;
|
|
|
|
|
quic = true;
|
2024-03-04 00:00:27 +03:00
|
|
|
} // default;
|
|
|
|
|
"matrix:8448" = {
|
|
|
|
|
serverAliases = [ "matrix.ataraxiadev.com" ];
|
|
|
|
|
listen = [{
|
|
|
|
|
addr = "0.0.0.0";
|
|
|
|
|
port = 8448;
|
|
|
|
|
ssl = true;
|
2024-04-23 21:37:21 +03:00
|
|
|
} {
|
|
|
|
|
addr = "[::]";
|
|
|
|
|
port = 8448;
|
|
|
|
|
ssl = true;
|
2024-03-04 00:00:27 +03:00
|
|
|
}];
|
|
|
|
|
locations."/" = {
|
2024-12-28 11:49:23 +03:00
|
|
|
proxyPass = "http://${guest-ip}:8448";
|
|
|
|
|
extraConfig = proxySettings + ''
|
|
|
|
|
# required for browsers to direct them to quic port
|
|
|
|
|
add_header Alt-Svc 'h3=":8448"; ma=86400';
|
|
|
|
|
'';
|
2024-03-04 00:00:27 +03:00
|
|
|
};
|
2024-12-28 11:49:23 +03:00
|
|
|
reuseport = true;
|
|
|
|
|
quic = true;
|
2024-03-04 00:00:27 +03:00
|
|
|
} // default;
|
|
|
|
|
};
|
2024-01-18 21:46:51 +03:00
|
|
|
}
|
