nixos-config/config/domain-config/fudo.org/matrix.nix

{ matrixHost, matrixServerName, openIdClientId, openIdClientSecret, ... }:

{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  domainName = "fudo.org";
  zoneName = config.fudo.domains."${domainName}".zone;
  isMatrix = hostname == matrixHost;
  matrixFqdn = "matrix.${domainName}";
in {
  config = {
    fudo = {
      zones."${zoneName}".aliases = {
        element = matrixHost;
        matrix = matrixHost;
      };

      services.matrix = mkIf isMatrix {
        enable = true;
        server-name = matrixServerName;
        hostname = matrixFqdn;
        openid = {
          client-id = openIdClientId;
          client-secret = openIdClientSecret;
          provider = "fudo-auth";
          provider-name = "Fudo Auth";
          issuer = "https://authentik.fudo.org/application/o/matrix/";
        };
      };
    };

    networking.firewall.allowedTCPPorts = [ 8008 8448 ];

    services.nginx.virtualHosts = mkIf isMatrix {
      "${domainName}" = let
        mkWellKnown = data: ''
          add_header Content-Type application/json;
          add_header Access-Control-Allow-Origin *;
          return 200 '${builtins.toJSON data}';
        '';
      in {
        enableACME = true;
        listen = [
          {
            addr = "0.0.0.0";
            port = 8008;
            ssl = false;
          }
          {
            addr = "0.0.0.0";
            port = 8448;
            ssl = true;
          }
          {
            addr = "0.0.0.0";
            port = 80;
            ssl = false;
          }
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
        ];
        locations."/.well-known/matrix/server".extraConfig =
          mkWellKnown { "m.server" = "${matrixFqdn}:443"; };
        locations."/.well-known/matrix/client".extraConfig =
          mkWellKnown { "m.homeserver".base_url = "https://${matrixFqdn}"; };
      };
      # "${matrixFqdn}" = {
      #   locations."^/$".return = "301 https://element.${domainName}";
      # };
      "element.${domainName}" = {
        enableACME = true;
        forceSSL = true;
        root = pkgs.element-web.override {
          conf = {
            default_server_name = domainName;
            default_server_config."m.homeserver".base_url =
              "https://${matrixFqdn}";
            brand = "Fudo";
            room_directory.servers =
              [ "fudo.org" "matrix.org" "libera.chat" "gitter.im" ];
            map_style_url =
              "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx";
          };
        };
      };
    };
  };
}
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`{ matrixHost, matrixServerName, openIdClientId, openIdClientSecret, ... }:`

			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`domainName = "fudo.org";`
			`zoneName = config.fudo.domains."${domainName}".zone;`
			`isMatrix = hostname == matrixHost;`
			`matrixFqdn = "matrix.${domainName}";`
			`in {`
			`config = {`
			`fudo = {`
			`zones."${zoneName}".aliases = {`
			`element = matrixHost;`
			`matrix = matrixHost;`
			`};`

			`services.matrix = mkIf isMatrix {`
			`enable = true;`
			`server-name = matrixServerName;`
			`hostname = matrixFqdn;`
			`openid = {`
			`client-id = openIdClientId;`
			`client-secret = openIdClientSecret;`
			`provider = "fudo-auth";`
			`provider-name = "Fudo Auth";`
			`issuer = "https://authentik.fudo.org/application/o/matrix/";`
			`};`
			`};`
			`};`

			`networking.firewall.allowedTCPPorts = [ 8008 8448 ];`

			`services.nginx.virtualHosts = mkIf isMatrix {`
			`"${domainName}" = let`
			`mkWellKnown = data: ''`
			`add_header Content-Type application/json;`
			`add_header Access-Control-Allow-Origin *;`
			`return 200 '${builtins.toJSON data}';`
			`'';`
			`in {`
			`enableACME = true;`
			`listen = [`
			`{`
			`addr = "0.0.0.0";`
			`port = 8008;`
			`ssl = false;`
			`}`
			`{`
			`addr = "0.0.0.0";`
			`port = 8448;`
			`ssl = true;`
			`}`
			`{`
			`addr = "0.0.0.0";`
			`port = 80;`
			`ssl = false;`
			`}`
			`{`
			`addr = "0.0.0.0";`
			`port = 443;`
			`ssl = true;`
			`}`
			`];`
			`locations."/.well-known/matrix/server".extraConfig =`
			`mkWellKnown { "m.server" = "${matrixFqdn}:443"; };`
			`locations."/.well-known/matrix/client".extraConfig =`
			`mkWellKnown { "m.homeserver".base_url = "https://${matrixFqdn}"; };`
			`};`
			`# "${matrixFqdn}" = {`
			`# locations."^/$".return = "301 https://element.${domainName}";`
			`# };`
			`"element.${domainName}" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`root = pkgs.element-web.override {`
			`conf = {`
			`default_server_name = domainName;`
			`default_server_config."m.homeserver".base_url =`
			`"https://${matrixFqdn}";`
			`brand = "Fudo";`
			`room_directory.servers =`
			`[ "fudo.org" "matrix.org" "libera.chat" "gitter.im" ];`
			`map_style_url =`
			`"https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx";`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`