feate(nixos) bfs: matrix, element, bla bla bla

2025-12-05 19:36:53 +00:00
parent 5177f9a1f6
commit 9a5bfa3f80
4 changed files with 46 additions and 19 deletions
--- a/nixos/system/bfs/bfs.nix
+++ b/nixos/system/bfs/bfs.nix
@@ -10,7 +10,6 @@
  ...
 }: let
  xrayPort = 10086;
-  matrixDomain = "accord.tube";
 in {
  # TODO:
  # white list
@@ -24,6 +23,7 @@ in {
    ./voice-tune.nix
    ./matrix.nix
    ./element-rtc.nix
+    ./element.nix
  ];

  currentServer = {
--- a/nixos/system/bfs/element-rtc.nix
+++ b/nixos/system/bfs/element-rtc.nix
@@ -46,23 +46,23 @@ in {
            default_type application/json;
            add_header Access-Control-Allow-Origin *;
          '';
-          return = "200 '{\
-            \"m.homeserver\": {\
-              \"base_url\": \"https://${cfg.matrixDomain}\"\
-            },\
-            \"m.identity_server\": {\
-              \"base_url\": \"https://vector.im\"\
-            },\
-            \"org.matrix.msc3575.proxy\": {\
-              \"url\": \"https://${cfg.matrixDomain}\"\
-            },\
-            \"org.matrix.msc4143.rtc_foci\": [\
-              {\
-                \"type\": \"livekit\",\
-                \"livekit_service_url\": \"https://${cfg.matrixDomain}/livekit/jwt\"\
-              }\
-            ]\
-          }'";
+          return = ''200 '{
+            "m.homeserver": {
+              "base_url": "https://${cfg.matrixDomain}"
+            },
+            "m.identity_server": {
+              "base_url": "https://vector.im"
+            },
+            "org.matrix.msc3575.proxy": {
+              "url": "https://${cfg.matrixDomain}"
+            },
+            "org.matrix.msc4143.rtc_foci": [
+              {
+                "type": "livekit",
+                "livekit_service_url": "https://${cfg.matrixDomain}/livekit/jwt"
+              }
+            ]
+          }' '';
        };

        locations."^~ /livekit/jwt/" = {
@@ -89,7 +89,9 @@ in {
    networking.firewall = {
      enable = true;
      allowedTCPPorts = [
-        8448
+        8080
+        7880
+        7881
      ];
    };
  };
--- a/nixos/system/bfs/element.nix
+++ b/nixos/system/bfs/element.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }: let
+  cfg = config.currentServer.matrix;
+in {
+  config = {
+    services.nginx.virtualHosts."element.${cfg.matrixDomain}" = {
+      enableACME = true;
+      forceSSL = true;
+
+      root = pkgs.element-web.override {
+        conf = {
+          default_server_config = {
+            "m.homeserver".base_url = "https://${cfg.matrixDomain}";
+            "m.identity_server".base_url = "https://vector.im";
+          };
+
+          default_theme = "dark";
+          show_labs_settings = true;
+        };
+      };
+    };
+  };
+}
--- a/nixos/system/bfs/voice-tune.nix
+++ b/nixos/system/bfs/voice-tune.nix
@@ -17,6 +17,9 @@ in {
      allowedUDPPortRanges = [
        { from = 49152; to = 65535; }
      ];
+      allowedTCPPortRanges = [
+        { from = 50000; to = 51000; }
+      ];
    };

    services.matrix-synapse.settings = {