diff --git a/modules/system/services/server/socialserver/default.nix b/modules/system/services/server/socialserver/default.nix
index c49e35f6..ff1a7889 100644
--- a/modules/system/services/server/socialserver/default.nix
+++ b/modules/system/services/server/socialserver/default.nix
@@ -2,8 +2,8 @@
 {
 imports = [
 ./mastodon
+ ./matrix
 ./owncast
- #./spacebar
 ];
 
 options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
diff --git a/modules/system/services/server/socialserver/matrix/coturn/default.nix b/modules/system/services/server/socialserver/matrix/coturn/default.nix
new file mode 100644
index 00000000..f5766ebb
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/coturn/default.nix
@@ -0,0 +1,46 @@
+{ config, lib, ... }:
+{
+ imports = [ ./nginx ];
+
+ config = lib.mkIf config.services.matrix-synapse.enable {
+ services = {
+ coturn = {
+ enable = true;
+ no-cli = true;
+ no-tcp-relay = true;
+ min-port = 49000;
+ max-port = 50000;
+ use-auth-secret = true;
+ static-auth-secret = config.secrets.coturnSecret;
+ realm = "turn.nixfox.ca";
+ cert = "/var/lib/acme/${config.services.coturn.realm}/fullchain.pem";
+ pkey = "/var/lib/acme/${config.services.coturn.realm}/key.pem";
+ };
+
+ # Enable coturn on Synapse
+ matrix-synapse.settings = {
+ turn_uris = [
+ "turn:${config.services.coturn.realm}:3478?transport=udp"
+ "turn:${config.services.coturn.realm}:3478?transport=tcp"
+ ];
+ turn_shared_secret = config.secrets.coturnSecret;
+ turn_user_lifetime = "1h";
+ };
+
+ # Sync the IP to Cloudflare
+ cloudflare-dyndns.domains = [ config.services.coturn.realm ];
+ };
+
+ # Open coturn ports
+ networking.firewall = {
+ allowedUDPPorts = [
+ 3478
+ 5349
+ ];
+ allowedUDPPortRanges = [{
+ from = config.services.coturn.min-port;
+ to = config.services.coturn.max-port;
+ }];
+ };
+ };
+}
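Review bot: `static-auth-secret = config.secrets.coturnSecret;` and, further down, `turn_shared_secret = config.secrets.coturnSecret;` are rendered at build time into turnserver.conf and homeserver.yaml inside the world-readable /nix/store, so if `config.secrets.*` evaluates to a plain Nix string (its definition is not in this diff) any local account can read the TURN credential secret; the coturn module's `static-auth-secret-file` option and Synapse's `extraConfigFiles` exist precisely to keep it out of the store. The firewall block opens only UDP, yet `turn_uris` advertises `turn:…:3478?transport=tcp`, so clients that fall back to TCP will be unreachable — either add `allowedTCPPorts = [ 3478 5349 ];` beside `allowedUDPPorts` or drop the TCP URI. Nothing restricts relay peers, which lets any Matrix user holding a TURN credential reach the host's loopback and private networks through the relay; deny those ranges via `extraConfig` as sketched below (extend the list with the host's own public addresses).
```nix
coturn = {
  # … unchanged: enable, no-cli, no-tcp-relay, ports, auth secret, realm, cert, pkey …
  # Refuse to relay into networks the TURN server itself can reach but clients should not.
  extraConfig = ''
    no-multicast-peers
    denied-peer-ip=127.0.0.0-127.255.255.255
    denied-peer-ip=10.0.0.0-10.255.255.255
    denied-peer-ip=172.16.0.0-172.31.255.255
    denied-peer-ip=192.168.0.0-192.168.255.255
  '';
};
```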
diff --git a/modules/system/services/server/socialserver/matrix/coturn/nginx/default.nix b/modules/system/services/server/socialserver/matrix/coturn/nginx/default.nix
new file mode 100644
index 00000000..f73bb312
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/coturn/nginx/default.nix
@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+{
+ config = lib.mkIf config.services.coturn.enable {
+ services.nginx.virtualHosts."turn.nixfox.ca" = {
+ enableACME = true;
+ forceSSL = true;
+ listen = [{
+ addr = "0.0.0.0";
+ port = 80;
+ ssl = false;
+ }];
+ locations."/".proxyPass = "http://127.0.0.1:1380";
+ };
+
+ security.acme.certs = {
+ "turn.nixfox.ca" = {
+ group = "turnserver";
+ postRun = "systemctl restart coturn.service";
+ };
+ };
+ };
+}
diff --git a/modules/system/services/server/socialserver/matrix/default.nix b/modules/system/services/server/socialserver/matrix/default.nix
new file mode 100644
index 00000000..2a569eee
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./coturn
+ ./element
+ ./synapse
+ ];
+}
diff --git a/modules/system/services/server/socialserver/matrix/element/default.nix b/modules/system/services/server/socialserver/matrix/element/default.nix
new file mode 100644
index 00000000..68b5b83e
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/element/default.nix
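Review bot: The `listen` override binds a single plain-HTTP listener on port 80 while `forceSSL = true` asks nginx to 301 every request to https://turn.nixfox.ca, and as far as this diff shows nothing binds 443 for that name, so the only thing this vhost can usefully serve is the ACME HTTP-01 challenge; meanwhile `locations."/".proxyPass = "http://127.0.0.1:1380"` points at a backend that no part of the change defines. If the vhost exists only to obtain coturn's certificate, say so and fail closed: keep `enableACME = true;`, drop `forceSSL` and the `listen` override unless a TLS listener is really intended, and replace the proxy with `locations."/".extraConfig = "return 404;";` under a comment such as `# Exists only so ACME can issue the cert coturn reads from /var/lib/acme/turn.nixfox.ca`. `group = "turnserver"` correctly limits key access to coturn's group; the hard restart in `postRun` works but drops in-flight calls — recent coturn releases reportedly reload TLS material on SIGUSR2, worth checking against the packaged version before keeping the restart.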
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+ imports = [ ./nginx ];
+
+ config = lib.mkIf config.services.matrix-synapse.enable {
+ nixpkgs.config.element-web.conf = {
+ default_server_config."m.homeserver" = {
+ base_url = "https://matrix.nixfox.ca";
+ server_name = "matrix.nixfox.ca";
+ };
+ branding = {
+ auth_header_logo_url = "https://www.nixfox.ca/images/copyright/profile.png";
+ #welcome_background_url = "https://www.nixfox.ca/images/backgrounds/template-background.png";
+ };
+ embedded_pages.home_url = "https://www.nixfox.ca/";
+ disable_custom_urls = true;
+ disable_guests = true;
+ default_theme = "dark";
+ };
+ };
+}
diff --git a/modules/system/services/server/socialserver/matrix/element/nginx/default.nix b/modules/system/services/server/socialserver/matrix/element/nginx/default.nix
new file mode 100644
index 00000000..1c085eb3
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/element/nginx/default.nix
@@ -0,0 +1,8 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx.virtualHosts."chat.nixfox.ca" = lib.mkIf config.services.matrix-synapse.enable {
+ enableACME = true;
+ addSSL = true;
+ root = "${pkgs.element-web}";
+ };
+}
diff --git a/modules/system/services/server/socialserver/matrix/synapse/default.nix b/modules/system/services/server/socialserver/matrix/synapse/default.nix
new file mode 100644
index 00000000..2323fd31
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/synapse/default.nix
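Review bot: `server_name = "matrix.nixfox.ca"` under `default_server_config."m.homeserver"` disagrees with the Synapse hunk in this same change, which sets `server_name = "nixfox.ca"` and uses matrix.nixfox.ca only as `public_baseurl`; Element uses this value as the homeserver's Matrix name on the login and registration screens (and, as far as I recall, for the `@user:domain` hint), so the client will advertise a domain that accounts do not actually live on. Change it to `server_name = "nixfox.ca";` and keep `base_url` as it is. `disable_custom_urls` and `disable_guests` are the right choices for a single-tenant client; a one-line comment such as `# Lock the client to this homeserver and forbid guest sessions` would make the intent explicit for the next reader.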
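Review bot: `addSSL = true;` leaves chat.nixfox.ca reachable over plain HTTP as well as HTTPS, so a user who lands on the http:// URL loads the Element app and submits credentials in cleartext; the sibling vhosts in this change use `forceSSL`, and a credential-handling web client should too — change it to `forceSSL = true;`. Element's deployment guidance also recommends anti-framing and sniffing headers on the vhost (`X-Frame-Options SAMEORIGIN`, `X-Content-Type-Options nosniff`, `Content-Security-Policy "frame-ancestors 'self'"`), which is one `extraConfig` block of `add_header` lines unless global nginx settings outside this diff already emit them. The file also has no header comment; `# Serves the Element web client for the Synapse instance configured in ../synapse` would orient the reader.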
@@ -0,0 +1,41 @@
+{ config, lib, ... }:
+{
+ imports = [ ./nginx ];
+
+ config = lib.mkIf config.system.socialserver.enable {
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = "nixfox.ca";
+ public_baseurl = "https://matrix.nixfox.ca";
+ suppress_key_server_warning = true;
+
+ # Email notifications about account status
+ email = {
+ notif_from = "NixFox Matrix ";
+ smtp_host = "mx.nixfox.ca";
+ smtp_user = "noreply@nixfox.ca";
+ smtp_pass = config.secrets.noreplyPassword;
+ enable_tls = true;
+ smtp_port = 587;
+ require_transport_security = true;
+ };
+
+ # Disable registration without email
+ registrations_require_3pid = [ "email" ];
+
+ # Set the type of database
+ database.name = "sqlite3";
+
+ # Allow account registration
+ enable_registration = true;
+
+ # General settings
+ max_upload_size = "60M";
+ burst_count = 15;
+ };
+ };
+
+ environment.persistence."/persist".directories = [ "/var/lib/matrix-synapse" ];
+ };
+}
diff --git a/modules/system/services/server/socialserver/matrix/synapse/nginx/default.nix b/modules/system/services/server/socialserver/matrix/synapse/nginx/default.nix
new file mode 100644
index 00000000..c5d9d5fe
--- /dev/null
+++ b/modules/system/services/server/socialserver/matrix/synapse/nginx/default.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+{
+ services.nginx.virtualHosts."matrix.nixfox.ca" = lib.mkIf config.services.matrix-synapse.enable {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/".extraConfig = ''return 403;'';
+ "/client".proxyPass = "http://127.0.0.1:8008";
+ "/_matrix".proxyPass = "http://127.0.0.1:8008";
+ "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
+ };
+ };
+}
diff --git a/modules/system/services/server/socialserver/spacebar/default.nix b/modules/system/services/server/socialserver/spacebar/default.nix
deleted file mode 100644
index ca0762be..00000000
--- a/modules/system/services/server/socialserver/spacebar/default.nix
+++ /dev/null
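Review bot: `smtp_pass = config.secrets.noreplyPassword;` inside `settings` is serialised into homeserver.yaml in the world-readable /nix/store, so if `config.secrets.noreplyPassword` is a plain string (its definition is not visible here) every local account can read the mail credential; the NixOS module's `extraConfigFiles` is meant for exactly this — keep the `email` block here minus `smtp_pass` and supply `smtp_pass` from a root-readable file outside the store. `enable_registration = true;` gated only by `registrations_require_3pid = [ "email" ];` leaves sign-up open to anyone with a throwaway mailbox; consider `registration_requires_token = true;` or `enable_registration_captcha` plus an explicit `rc_registration` limit before exposing this publicly. `burst_count = 15;` at the top level of `settings` matches no documented Synapse option — it is a sub-key of the `rc_*` blocks (e.g. `rc_message = { per_second = 0.2; burst_count = 15; };`), so as written it is most likely ignored rather than limiting anything. `notif_from = "NixFox Matrix ";` carries no address part and will not yield a valid From header; if the `<noreply@nixfox.ca>` was stripped by the page rendering, disregard this last point.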
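Review bot: The `proxyPass` locations forward to Synapse without `X-Forwarded-For`/`X-Forwarded-Proto`, and unless `recommendedProxySettings` is enabled somewhere outside this diff, Synapse — whose NixOS default listener trusts `x_forwarded` — sees every request as 127.0.0.1 over http, which collapses its per-IP `rc_*` rate limits and login throttling into one shared bucket and blinds the audit log. The Synapse hunk also sets `max_upload_size = "60M"` while the nginx module's default `client_max_body_size` is 10m, so media uploads above that are rejected by the proxy with 413 before Synapse ever sees them. Both are addressed at vhost level in the sketch below; I dropped `"/client"` there because I know of no Synapse route under that prefix (restore it if something relies on it), and keeping `/` at `return 403` so `/_synapse/admin` stays unexposed is the right call.
```nix
services.nginx.virtualHosts."matrix.nixfox.ca" = lib.mkIf config.services.matrix-synapse.enable {
  # … unchanged: enableACME, forceSSL …
  extraConfig = ''
    # Synapse's max_upload_size is 60M; nginx must accept at least that much.
    client_max_body_size 60M;
    # Synapse's listener trusts X-Forwarded-*; without these every client looks like 127.0.0.1.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
  '';
  locations = {
    "/".extraConfig = ''return 403;'';
    "/_matrix".proxyPass = "http://127.0.0.1:8008";
    "/_synapse/client".proxyPass = "http://127.0.0.1:8008";
  };
};
```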
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, spacebar, ... }:
-{
- imports = [
- ./nginx
- ./user
- ];
-
- config = lib.mkIf config.system.socialserver.enable {
- systemd.services.spacebar-server = {
- enable = true;
- description = "Spacebar Chat Server";
- documentation = [ "https://docs.spacebar.chat/" ];
- path = [ spacebar.packages.${pkgs.system}.default ];
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- WorkingDirectory = "/var/lib/spacebar";
- ExecStart = "start-bundle";
- Restart = "always";
- User = "spacebar";
- };
- };
- environment.persistence."/persist".directories = [ config.systemd.services.spacebar-server.serviceConfig.WorkingDirectory ];
- };
-}
diff --git a/modules/system/services/server/socialserver/spacebar/user/default.nix b/modules/system/services/server/socialserver/spacebar/user/default.nix
deleted file mode 100644
index 7ac48758..00000000
--- a/modules/system/services/server/socialserver/spacebar/user/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
- users = lib.mkIf config.systemd.services.spacebar-server.enable {
- users.spacebar = {
- group = "spacebar";
- isSystemUser = true;
- uid = 138;
- };
- groups.spacebar = {};
- };
-}