add matrix server
This commit is contained in:
parent
26219a7381
commit
92abf4d0df
@ -74,6 +74,7 @@ in {
|
|||||||
"pti=off"
|
"pti=off"
|
||||||
"spectre_v2=off"
|
"spectre_v2=off"
|
||||||
"kvm.ignore_msrs=1"
|
"kvm.ignore_msrs=1"
|
||||||
|
"kvm.report_ignored_msrs=0"
|
||||||
"rd.systemd.show_status=auto"
|
"rd.systemd.show_status=auto"
|
||||||
"rd.udev.log_priority=3"
|
"rd.udev.log_priority=3"
|
||||||
];
|
];
|
||||||
|
|||||||
@ -35,6 +35,7 @@ in {
|
|||||||
nixosProfiles.yandex-db
|
nixosProfiles.yandex-db
|
||||||
nixosProfiles.it-tools
|
nixosProfiles.it-tools
|
||||||
nixosProfiles.homepage
|
nixosProfiles.homepage
|
||||||
|
nixosProfiles.matrix
|
||||||
];
|
];
|
||||||
|
|
||||||
deviceSpecific.devInfo = {
|
deviceSpecific.devInfo = {
|
||||||
|
|||||||
@ -42,6 +42,7 @@ with config.deviceSpecific; {
|
|||||||
"pti=off"
|
"pti=off"
|
||||||
"spectre_v2=off"
|
"spectre_v2=off"
|
||||||
"kvm.ignore_msrs=1"
|
"kvm.ignore_msrs=1"
|
||||||
|
"kvm.report_ignored_msrs=0"
|
||||||
];
|
];
|
||||||
|
|
||||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_lqx;
|
kernelPackages = lib.mkDefault pkgs.linuxPackages_lqx;
|
||||||
|
|||||||
@ -15,6 +15,7 @@ in {
|
|||||||
secrets.mailserver-gitea = secrets-default;
|
secrets.mailserver-gitea = secrets-default;
|
||||||
secrets.mailserver-authentik = secrets-default;
|
secrets.mailserver-authentik = secrets-default;
|
||||||
secrets.mailserver-kavita = secrets-default;
|
secrets.mailserver-kavita = secrets-default;
|
||||||
|
secrets.mailserver-synapse = secrets-default;
|
||||||
|
|
||||||
security.acme.certs."mail.ataraxiadev.com" = {
|
security.acme.certs."mail.ataraxiadev.com" = {
|
||||||
webroot = "/var/lib/acme/acme-challenge";
|
webroot = "/var/lib/acme/acme-challenge";
|
||||||
@ -94,6 +95,10 @@ in {
|
|||||||
aliases = [ "seafile" ];
|
aliases = [ "seafile" ];
|
||||||
hashedPasswordFile = config.secrets.mailserver-seafile.decrypted;
|
hashedPasswordFile = config.secrets.mailserver-seafile.decrypted;
|
||||||
};
|
};
|
||||||
|
"matrix@ataraxiadev.com" = {
|
||||||
|
aliases = [ "matrix" ];
|
||||||
|
hashedPasswordFile = config.secrets.mailserver-synapse.decrypted;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
hierarchySeparator = "/";
|
hierarchySeparator = "/";
|
||||||
localDnsResolver = false;
|
localDnsResolver = false;
|
||||||
|
|||||||
19
profiles/servers/matrix.nix
Normal file
19
profiles/servers/matrix.nix
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{ config, lib, pkgs, ... }: {
|
||||||
|
virtualisation.libvirt.guests.arch-matrix = {
|
||||||
|
user = config.mainuser;
|
||||||
|
group = "libvirtd";
|
||||||
|
autoStart = true;
|
||||||
|
memory = 2 * 1024;
|
||||||
|
cpu = {
|
||||||
|
sockets = 1; cores = 1; threads = 1;
|
||||||
|
};
|
||||||
|
devices = {
|
||||||
|
disks = [ { diskFile = "/media/nas/libvirt/images/matrix-server.qcow2"; } ];
|
||||||
|
network = {
|
||||||
|
macAddress = "00:16:3e:5b:49:bf";
|
||||||
|
interfaceType = "bridge";
|
||||||
|
sourceDev = "br0";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
@ -75,6 +75,13 @@ in {
|
|||||||
"cocalc.ataraxiadev.com"
|
"cocalc.ataraxiadev.com"
|
||||||
"kavita.ataraxiadev.com"
|
"kavita.ataraxiadev.com"
|
||||||
"tools.ataraxiadev.com"
|
"tools.ataraxiadev.com"
|
||||||
|
"home.ataraxiadev.com"
|
||||||
|
|
||||||
|
"matrix.ataraxiadev.com"
|
||||||
|
"cinny.ataraxiadev.com"
|
||||||
|
"dimension.ataraxiadev.com"
|
||||||
|
"stats.ataraxiadev.com"
|
||||||
|
"element.ataraxiadev.com"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -130,70 +137,63 @@ in {
|
|||||||
# };
|
# };
|
||||||
"ataraxiadev.com" = {
|
"ataraxiadev.com" = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:3000";
|
root = "/srv/http/ataraxiadev.com/docroot";
|
||||||
extraConfig = proxySettings;
|
extraConfig = ''
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
locations."/.well-known/matrix" = {
|
||||||
|
proxyPass = "https://matrix.ataraxiadev.com/.well-known/matrix";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
} // default;
|
} // default;
|
||||||
# "ataraxiadev.com" = {
|
"matrix:443" = {
|
||||||
# locations."/" = {
|
serverAliases = [
|
||||||
# root = "/srv/http/ataraxiadev.com/";
|
"matrix.ataraxiadev.com"
|
||||||
# extraConfig = ''
|
"cinny.ataraxiadev.com"
|
||||||
# try_files $uri $uri/ =404;
|
"dimension.ataraxiadev.com"
|
||||||
# '';
|
"element.ataraxiadev.com"
|
||||||
# };
|
"stats.ataraxiadev.com"
|
||||||
# # locations."/.well-known/matrix" = {
|
];
|
||||||
# # proxyPass = "https://matrix.ataraxiadev.com/.well-known/matrix";
|
listen = [{
|
||||||
# # extraConfig = ''
|
addr = "0.0.0.0";
|
||||||
# # proxy_set_header X-Forwarded-For $remote_addr;
|
port = 443;
|
||||||
# # '';
|
ssl = true;
|
||||||
# # };
|
}];
|
||||||
# } // default;
|
|
||||||
# "matrix:443" = {
|
|
||||||
# serverAliases = [
|
|
||||||
# "matrix.ataraxiadev.com"
|
|
||||||
# "cinny.ataraxiadev.com"
|
|
||||||
# "dimension.ataraxiadev.com"
|
|
||||||
# "element.ataraxiadev.com"
|
|
||||||
# "goneb.ataraxiadev.com"
|
|
||||||
# "jitsi.ataraxiadev.com"
|
|
||||||
# "stats.ataraxiadev.com"
|
|
||||||
# ];
|
|
||||||
# listen = [{
|
|
||||||
# addr = "0.0.0.0";
|
|
||||||
# port = 443;
|
|
||||||
# ssl = true;
|
|
||||||
# }];
|
|
||||||
# locations."/" = {
|
|
||||||
# proxyPass = "http://matrix.pve:81";
|
|
||||||
# extraConfig = ''
|
|
||||||
# proxy_hide_header Content-Security-Policy;
|
|
||||||
# '' + proxySettings;
|
|
||||||
# };
|
|
||||||
# } // default;
|
|
||||||
# "matrix:8448" = let
|
|
||||||
# certName = default.useACMEHost;
|
|
||||||
# in with config.security.acme; {
|
|
||||||
# onlySSL = true;
|
|
||||||
# sslCertificate = "${certs.${certName}.directory}/fullchain.pem";
|
|
||||||
# sslCertificateKey = "${certs.${certName}.directory}/key.pem";
|
|
||||||
# sslTrustedCertificate = "${certs.${certName}.directory}/chain.pem";
|
|
||||||
# serverAliases = [ "matrix.ataraxiadev.com" ];
|
|
||||||
# listen = [{
|
|
||||||
# addr = "0.0.0.0";
|
|
||||||
# port = 8448;
|
|
||||||
# ssl = true;
|
|
||||||
# }];
|
|
||||||
# locations."/" = {
|
|
||||||
# proxyPass = "http://matrix.pve:8449";
|
|
||||||
# extraConfig = proxySettings;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
"startpage.ataraxiadev.com" = {
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
root = "/srv/http/startpage.ataraxiadev.com/";
|
proxyPass = "http://matrix.pve:81";
|
||||||
# extraConfig = hardened;
|
extraConfig = ''
|
||||||
|
# proxy_hide_header Content-Security-Policy;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
client_max_body_size 50M;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
} // default;
|
} // default;
|
||||||
|
"matrix:8448" = with config.security.acme; {
|
||||||
|
serverAliases = [ "matrix.ataraxiadev.com" ];
|
||||||
|
listen = [{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8448;
|
||||||
|
ssl = true;
|
||||||
|
}];
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://matrix.pve:8449";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
client_max_body_size 50M;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
} // default;
|
||||||
|
"home.ataraxiadev.com" = default // authentik {
|
||||||
|
root = { proxyPass = "http://127.0.0.1:3000"; };
|
||||||
|
};
|
||||||
"vw.ataraxiadev.com" = {
|
"vw.ataraxiadev.com" = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:8812";
|
proxyPass = "http://127.0.0.1:8812";
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user