nixos-config/profiles/servers/synapse/default.nix

{ config, ... }:
let
  cert-fqdn = "ataraxiadev.com";
in {
  virtualisation.libvirt.guests.debian-matrix = {
    autoStart = true;
    user = config.mainuser;
    group = "libvirtd";
    xmlFile = ./vm.xml;
  };

  networking = let
    libvirt-ifname = "virbr0";
    guest-ip = "192.168.122.11";
    synapse-ports = [ 8081 8448 8766 ];
  in {
    firewall.allowedTCPPorts = synapse-ports;
    nat = {
      enable = true;
      internalInterfaces = [ "br0" ];
      externalInterface = libvirt-ifname;
      forwardPorts = [{
        sourcePort = 8081;
        proto = "tcp";
        destination = "${guest-ip}:8081";
      } {
        sourcePort = 8448;
        proto = "tcp";
        destination = "${guest-ip}:8448";
      } {
        sourcePort = 8766;
        proto = "tcp";
        destination = "${guest-ip}:8766";
      }];
    };
  };

  services.nginx.virtualHosts = let
    proxySettings = ''
      client_max_body_size 50M;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header X-Forwarded-Proto $scheme;
    '';
    default = {
      useACMEHost = cert-fqdn;
      enableACME = false;
      forceSSL = true;
    };
  in {
    "matrix:443" = {
      serverAliases = [
        "matrix.ataraxiadev.com"
        "element.ataraxiadev.com"
      ];
      listen = [{
        addr = "0.0.0.0";
        port = 443;
        ssl = true;
      } {
        addr = "[::]";
        port = 443;
        ssl = true;
      }];
      locations."/" = {
        proxyPass = "http://192.168.122.11:8081";
        extraConfig = ''
          proxy_set_header X-Real-IP $remote_addr;
        '' + proxySettings;
      };
    } // default;
    "matrix:8448" = {
      serverAliases = [ "matrix.ataraxiadev.com" ];
      listen = [{
        addr = "0.0.0.0";
        port = 8448;
        ssl = true;
      } {
        addr = "[::]";
        port = 8448;
        ssl = true;
      }];
      locations."/" = {
        proxyPass = "http://192.168.122.11:8448";
        extraConfig = proxySettings;
      };
    } // default;
  };
}
move coturn to another profile 2024-06-30 13:51:39 +03:00			`{ config, ... }:`
setup synapse vm on nixos-vps 2024-01-18 21:46:51 +03:00			`let`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`cert-fqdn = "ataraxiadev.com";`
setup synapse vm on nixos-vps 2024-01-18 21:46:51 +03:00			`in {`
			`virtualisation.libvirt.guests.debian-matrix = {`
			`autoStart = true;`
			`user = config.mainuser;`
			`group = "libvirtd";`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`xmlFile = ./vm.xml;`
setup synapse vm on nixos-vps 2024-01-18 21:46:51 +03:00			`};`

			`networking = let`
			`libvirt-ifname = "virbr0";`
			`guest-ip = "192.168.122.11";`
			`synapse-ports = [ 8081 8448 8766 ];`
			`in {`
move coturn to another profile 2024-06-30 13:51:39 +03:00			`firewall.allowedTCPPorts = synapse-ports;`
setup synapse vm on nixos-vps 2024-01-18 21:46:51 +03:00			`nat = {`
			`enable = true;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`internalInterfaces = [ "br0" ];`
setup synapse vm on nixos-vps 2024-01-18 21:46:51 +03:00			`externalInterface = libvirt-ifname;`
			`forwardPorts = [{`
			`sourcePort = 8081;`
			`proto = "tcp";`
			`destination = "${guest-ip}:8081";`
			`} {`
			`sourcePort = 8448;`
			`proto = "tcp";`
			`destination = "${guest-ip}:8448";`
			`} {`
			`sourcePort = 8766;`
			`proto = "tcp";`
			`destination = "${guest-ip}:8766";`
			`}];`
			`};`
			`};`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00
			`services.nginx.virtualHosts = let`
			`proxySettings = ''`
fix synapse 2024-04-23 21:37:21 +03:00			`client_max_body_size 50M;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`proxy_set_header Host $host;`
fix synapse 2024-04-23 21:37:21 +03:00			`proxy_set_header X-Forwarded-For $remote_addr;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`proxy_set_header X-Forwarded-Proto $scheme;`
			`'';`
			`default = {`
			`useACMEHost = cert-fqdn;`
			`enableACME = false;`
			`forceSSL = true;`
			`};`
			`in {`
			`"matrix:443" = {`
			`serverAliases = [`
			`"matrix.ataraxiadev.com"`
			`"element.ataraxiadev.com"`
			`];`
			`listen = [{`
			`addr = "0.0.0.0";`
			`port = 443;`
			`ssl = true;`
fix synapse 2024-04-23 21:37:21 +03:00			`} {`
			`addr = "[::]";`
			`port = 443;`
			`ssl = true;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`}];`
			`locations."/" = {`
			`proxyPass = "http://192.168.122.11:8081";`
			`extraConfig = ''`
fix synapse 2024-04-23 21:37:21 +03:00			`proxy_set_header X-Real-IP $remote_addr;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`'' + proxySettings;`
			`};`
			`} // default;`
			`"matrix:8448" = {`
			`serverAliases = [ "matrix.ataraxiadev.com" ];`
			`listen = [{`
			`addr = "0.0.0.0";`
			`port = 8448;`
			`ssl = true;`
fix synapse 2024-04-23 21:37:21 +03:00			`} {`
			`addr = "[::]";`
			`port = 8448;`
			`ssl = true;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`}];`
			`locations."/" = {`
			`proxyPass = "http://192.168.122.11:8448";`
fix synapse 2024-04-23 21:37:21 +03:00			`extraConfig = proxySettings;`
move synapse to home-hypervisor 2024-03-04 00:00:27 +03:00			`};`
			`} // default;`
			`};`
setup synapse vm on nixos-vps 2024-01-18 21:46:51 +03:00			`}`