From 76fad08473687bce7c46772a57d061ae70eec728 Mon Sep 17 00:00:00 2001
From: sephalon <me@sephalon.net>
Date: Wed, 13 Jan 2021 22:20:17 +0100
Subject: [PATCH] nixos/matrix-synapse: enable HTTPS in example (#109230)

The /.well-known endpoint must use HTTPS, see specification:
https://matrix.org/docs/spec/server_server/latest#resolving-server-names.
---
 nixos/modules/services/misc/matrix-synapse.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nixos/modules/services/misc/matrix-synapse.xml b/nixos/modules/services/misc/matrix-synapse.xml
index fbfa838b168..5544c2035fb 100644
--- a/nixos/modules/services/misc/matrix-synapse.xml
+++ b/nixos/modules/services/misc/matrix-synapse.xml
@@ -69,6 +69,9 @@ in {
       # i.e. to delegate from the host being accessible as ${config.networking.domain}
       # to another host actually running the Matrix homeserver.
       "${config.networking.domain}" = {
+        <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+        <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+
         <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/server".extraConfig</link> =
           let
             # use 443 instead of the default 8448 port to unite