hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: matrix: diferent servers one home server

Browse Source
This commit is contained in:
yukkop
2026-05-25 07:11:43 +00:00
parent ecabc0b6c2
commit e29f09a694
1 changed files with 122 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
nixos/system/bfs.poland.xray/bfs.poland.xray.nix
View File

@@ -8,7 +8,17 @@
modulesPath,
config,
...
}: {
}: let
matrixBackend = "https://128.140.75.58";
matrixHost = "accord.tube";
elementEntryDomain = "element.bfs.band";
polandEntryDomain = "bfs.band";
backendProxyConfig = ''
proxy_ssl_server_name on;
proxy_ssl_name ${matrixHost};
proxy_set_header Host ${matrixHost};
'';
in {
imports = [
self.nixosModules.xray-system
self.nixosModules.matrix-cluster
@@ -35,12 +45,122 @@
passwordFile = config.sops.secrets."matrix/postgres-replication-password".path;
};
acme = {
enable = true;
enable = false;
porkbunApiKeyFile = config.sops.secrets."matrix/porkbun-api-key".path;
porkbunSecretApiKeyFile = config.sops.secrets."matrix/porkbun-secret-api-key".path;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "security@bfs.band";
};
services.nginx = {
enable = true;
virtualHosts.${polandEntryDomain} = {
enableACME = true;
forceSSL = true;
locations."/".return = "302 https://${elementEntryDomain}";
locations."=/.well-known/matrix/client" = {
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "X-Requested-With, Content-Type, Authorization";
'';
return = ''200 '{
"m.homeserver": {
"base_url": "https://${polandEntryDomain}"
},
"m.identity_server": {
"base_url": "https://vector.im"
},
"org.matrix.msc3575.proxy": {
"url": "https://${polandEntryDomain}"
},
"org.matrix.msc4143.rtc_foci": [
{
"type": "livekit",
"livekit_service_url": "https://${polandEntryDomain}/livekit/jwt"
}
]
}' '';
};
locations."= /livekit/jwt" = {
proxyPass = "${matrixBackend}/livekit/jwt";
extraConfig = backendProxyConfig;
};
locations."^~ /livekit/jwt/" = {
proxyPass = "${matrixBackend}/livekit/jwt/";
extraConfig = backendProxyConfig;
};
locations."= /livekit/sfu" = {
proxyPass = "${matrixBackend}/livekit/sfu";
proxyWebsockets = true;
extraConfig = backendProxyConfig + ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
locations."^~ /livekit/sfu/" = {
proxyPass = "${matrixBackend}/livekit/sfu/";
proxyWebsockets = true;
extraConfig = backendProxyConfig + ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
locations."^~ /_matrix/" = {
proxyPass = "${matrixBackend}/_matrix/";
extraConfig = backendProxyConfig;
};
locations."^~ /_synapse/client/" = {
proxyPass = "${matrixBackend}/_synapse/client/";
extraConfig = backendProxyConfig;
};
};
virtualHosts.${elementEntryDomain} = {
enableACME = true;
forceSSL = true;
locations."= /config.${elementEntryDomain}.json".return = "302 /config.json";
root = pkgs.element-web.override {
conf = {
default_server_config = {
"m.homeserver".base_url = "https://${polandEntryDomain}";
"m.homeserver".server_name = matrixHost;
"m.identity_server".base_url = "https://vector.im";
};
room_directory.servers = [ matrixHost ];
default_theme = "dark";
show_labs_settings = true;
};
};
};
};
sops.secrets."matrix/signing-key" = {
key = "matrix/signing-key";
owner = "matrix-synapse";