diff --git a/flake.lock b/flake.lock index 1de4d98..74c4251 100644 --- a/flake.lock +++ b/flake.lock @@ -22,6 +22,58 @@ "type": "github" } }, + "conduit": { + "inputs": { + "crane": "crane", + "fenix": "fenix", + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1690642842, + "narHash": "sha256-Oy6bCEHHfZNrv8LX9UQ0iO57xAYSWUK/cA71QarK5os=", + "owner": "famedly", + "repo": "conduit", + "rev": "2b4a6c96eee95c5efe43803d247469fd6d67075f", + "type": "gitlab" + }, + "original": { + "owner": "famedly", + "repo": "conduit", + "type": "gitlab" + } + }, + "crane": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "conduit", + "flake-utils" + ], + "nixpkgs": [ + "conduit", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1688772518, + "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -46,7 +98,7 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], @@ -68,14 +120,36 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": [ + "conduit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1689488573, + "narHash": "sha256-diVASflKCCryTYv0djvMnP2444mFsIG0ge5pa7ahauQ=", + "owner": "nix-community", + "repo": "fenix", + "rev": "39096fe3f379036ff4a5fa198950b8e79defe939", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -100,6 +174,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -283,7 +373,7 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": [ "flake-utils" ], @@ -312,6 +402,7 @@ "root": { "inputs": { "agenix": "agenix", + "conduit": "conduit", "deploy-rs": "deploy-rs", "flake-parts": "flake-parts", "flake-utils": "flake-utils", @@ -324,6 +415,50 @@ "pre-commit-hooks": "pre-commit-hooks" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1689441253, + "narHash": "sha256-4MSDZaFI4DOfsLIZYPMBl0snzWhX1/OqR/QHir382CY=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "conduit", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "conduit", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688351637, + "narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f9b92316727af9e6c7fee4a761242f7f46880329", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 1172e31..4461c83 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,12 @@ inputs.flake-utils.follows = "flake-utils"; }; + conduit = { + url = "gitlab:famedly/conduit"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.flake-utils.follows = "flake-utils"; + }; + nvim-kitty-navigator = { url = "github:hermitmaster/nvim-kitty-navigator"; flake = false; @@ -46,7 +52,7 @@ outputs = { self, nixpkgs, nixpkgs-unstable, nixos-hardware, flake-parts , flake-utils, home-manager, nur, agenix, deploy-rs, pre-commit-hooks - , nvim-kitty-navigator }@inputs: + , nvim-kitty-navigator, ... }@inputs: inputs.flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" "aarch64-linux" ]; imports = [ ]; diff --git a/services/matrix/conduit.nix b/services/matrix/conduit.nix new file mode 100644 index 0000000..33b3cf6 --- /dev/null +++ b/services/matrix/conduit.nix @@ -0,0 +1,52 @@ +{ inputs, config, pkgs, ... }: + +let + server_name = "felschr.com"; + domain = "matrix.${server_name}"; +in { + services.matrix-conduit = { + enable = true; + package = inputs.conduit.packages.${pkgs.system}.default; + settings.global = { + inherit server_name; + database_backend = "rocksdb"; + trusted_servers = [ "matrix.org" "libera.chat" "nixos.org" ]; + }; + }; + + services.nginx.virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; + locations."/_matrix/" = { + proxyPass = "http://[::1]:${ + toString config.services.matrix-conduit.settings.global.port + }"; + proxyWebsockets = true; + extraConfig = '' + proxy_buffering off; + ''; + }; + }; + + services.nginx.virtualHosts.${server_name} = { + enableACME = true; + forceSSL = true; + locations = let + server = { "m.server" = "${domain}:443"; }; + client = { + "m.homeserver"."base_url" = "https://${domain}"; + "m.identity_server"."base_url" = "https://vector.im"; + }; + in { + "= /.well-known/matrix/server".extraConfig = '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + "= /.well-known/matrix/client".extraConfig = '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; + }; + }; +} diff --git a/services/matrix/default.nix b/services/matrix/default.nix index ff3a114..4dcebab 100644 --- a/services/matrix/default.nix +++ b/services/matrix/default.nix @@ -1,5 +1,5 @@ { ... }: { - imports = [ ./dendrite.nix ./element.nix ]; + imports = [ ./conduit.nix ./element.nix ]; } diff --git a/services/matrix/dendrite.nix b/services/matrix/dendrite.nix index 8e447e2..31cf1f9 100644 --- a/services/matrix/dendrite.nix +++ b/services/matrix/dendrite.nix @@ -1,7 +1,6 @@ { config, pkgs, ... }: let - inherit (config.services) dendrite; server_name = "felschr.com"; domain = "matrix.${server_name}"; database = { @@ -87,6 +86,7 @@ in { server = { "m.server" = "${domain}:443"; }; client = { "m.homeserver"."base_url" = "https://${domain}"; + "org.matrix.msc3575.proxy"."url" = "https://${domain}"; "m.identity_server"."base_url" = "https://vector.im"; }; in { diff --git a/services/matrix/element.nix b/services/matrix/element.nix index cf80adb..aa8cc99 100644 --- a/services/matrix/element.nix +++ b/services/matrix/element.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: let - inherit (config.services.dendrite.settings.global) server_name; + inherit (config.services.matrix-conduit.settings.global) server_name; matrix_host = "matrix.${server_name}"; in { services.nginx.virtualHosts."element.felschr.com" = {