90 lines
2.0 KiB
Nix
90 lines
2.0 KiB
Nix
{ config, ... }:
|
|
let
|
|
cert-fqdn = "ataraxiadev.com";
|
|
in {
|
|
virtualisation.libvirt.guests.debian-matrix = {
|
|
autoStart = true;
|
|
user = config.mainuser;
|
|
group = "libvirtd";
|
|
xmlFile = ./vm.xml;
|
|
};
|
|
|
|
networking = let
|
|
libvirt-ifname = "virbr0";
|
|
guest-ip = "192.168.122.11";
|
|
synapse-ports = [ 8081 8448 8766 ];
|
|
in {
|
|
firewall.allowedTCPPorts = synapse-ports;
|
|
nat = {
|
|
enable = true;
|
|
internalInterfaces = [ "br0" ];
|
|
externalInterface = libvirt-ifname;
|
|
forwardPorts = [{
|
|
sourcePort = 8081;
|
|
proto = "tcp";
|
|
destination = "${guest-ip}:8081";
|
|
} {
|
|
sourcePort = 8448;
|
|
proto = "tcp";
|
|
destination = "${guest-ip}:8448";
|
|
} {
|
|
sourcePort = 8766;
|
|
proto = "tcp";
|
|
destination = "${guest-ip}:8766";
|
|
}];
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts = let
|
|
proxySettings = ''
|
|
client_max_body_size 50M;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
default = {
|
|
useACMEHost = cert-fqdn;
|
|
enableACME = false;
|
|
forceSSL = true;
|
|
};
|
|
in {
|
|
"matrix:443" = {
|
|
serverAliases = [
|
|
"matrix.ataraxiadev.com"
|
|
"element.ataraxiadev.com"
|
|
];
|
|
listen = [{
|
|
addr = "0.0.0.0";
|
|
port = 443;
|
|
ssl = true;
|
|
} {
|
|
addr = "[::]";
|
|
port = 443;
|
|
ssl = true;
|
|
}];
|
|
locations."/" = {
|
|
proxyPass = "http://192.168.122.11:8081";
|
|
extraConfig = ''
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
'' + proxySettings;
|
|
};
|
|
} // default;
|
|
"matrix:8448" = {
|
|
serverAliases = [ "matrix.ataraxiadev.com" ];
|
|
listen = [{
|
|
addr = "0.0.0.0";
|
|
port = 8448;
|
|
ssl = true;
|
|
} {
|
|
addr = "[::]";
|
|
port = 8448;
|
|
ssl = true;
|
|
}];
|
|
locations."/" = {
|
|
proxyPass = "http://192.168.122.11:8448";
|
|
extraConfig = proxySettings;
|
|
};
|
|
} // default;
|
|
};
|
|
}
|