add self-hosted matrix home server

2025-01-30 00:11:19 +08:00 · 2025-01-30 00:11:19 +08:00 · c3e4aaeb16
commit c3e4aaeb16
parent 76690fb9fe
4 changed files with 67 additions and 2 deletions
--- a/nixos/configurations/Cape/default.nix
+++ b/nixos/configurations/Cape/default.nix
@ -22,6 +22,10 @@
    programs = {
      openssh.enable = true;
      tailscale.enable = true;
+      conduwuit = {
+        enable = true;
+        serverName = "im.youthlic.fun";
+      };
      caddy = {
        enable = true;
        baseDomain = "youthlic.fun";
--- a/nixos/modules/programs/conduwuit.nix
+++ b/nixos/modules/programs/conduwuit.nix
@ -0,0 +1,59 @@
+{ config, lib, ... }:
+let
+  cfg = config.youthlic.programs.conduwuit;
+in
+{
+  options = {
+    youthlic.programs.conduwuit = {
+      enable = lib.mkEnableOption "conduwuit";
+      serverName = lib.mkOption {
+        type = lib.types.nonEmptyStr;
+        example = "example.com";
+      };
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      sops.secrets."matrix-reg-token" = {
+        owner = "conduwuit";
+      };
+      systemd.services.conduwuit.serviceConfig = {
+        EnvironmentFile = "${config.sops.secrets.matrix-reg-token.path}";
+      };
+      services.conduwuit = {
+        enable = true;
+        settings = {
+          global = {
+            port = [ 8481 ];
+            address = [
+              "0.0.0.0"
+              "::"
+            ];
+            trusted_servers = [
+              "matrix.org"
+              "mozilla.org"
+              "nichi.co"
+            ];
+            allow_registration = true;
+            server_name = cfg.serverName;
+            new_user_displayname_suffix = "⚡";
+            allow_public_room_directory_over_federation = true;
+            well_known = {
+              client = "https://${cfg.serverName}";
+              server = "${cfg.serverName}:443";
+            };
+          };
+        };
+      };
+    })
+    (lib.mkIf (cfg.enable && config.youthlic.programs.caddy.enable) {
+      services.caddy.virtualHosts = {
+        "${cfg.serverName}" = {
+          extraConfig = ''
+            reverse_proxy 127.0.0.1:8481
+          '';
+        };
+      };
+    })
+  ];
+}
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@ -13,5 +13,6 @@
    ./steam.nix
    ./tailscale.nix
    ./transmission.nix
+    ./conduwuit.nix
  ];
 }
--- a/secrets/general.yaml
+++ b/secrets/general.yaml
@ -1,4 +1,5 @@
 atuin-key: ENC[AES256_GCM,data:e3K7/7BaeXuR+vHJdtO79UQp3XRvROcD8ISkuCp3KGCSlBKUM3GuCwhIeFoIl0fOUqVYOzcCAcjsH2nBRqcXhtS8jhM=,iv:Mh3jsu6mdj0VOLSIoNz/0awyydVf7q3/E7iB7CJi+UA=,tag:xuHhUmK/J2stdjRrtbhQSw==,type:str]
+matrix-reg-token: ENC[AES256_GCM,data:Cr5560L9gQo/tKUz1sQOAg5dckI6SyDxeNyrjW4oI6qkV8bxUrMaAGnVkkeF9TF9FgAnRb+7Lm+axd2SmkPWnqrLll2NzLC01zXht9Mq9RroAPXFraEV1X1Ge1qAAtkr,iv:42r93HLVDKuDCOYlfem7oi3gcHfhDYiNbFKOCHxim+o=,tag:9hWGQrWHsv2eYNgFlHtfeA==,type:str]
 ssh-private-key:
    deploy: ENC[AES256_GCM,data:tYCsym/IY7uE9is56Qvdm+PxouFPng5hY/nlk/Xsm2qOCjdD2G9PyBTSs4dSil8GYusOdSRAFluCf1awJIHV9CJbCDOBVdzJOeXt19VYm2LQOiU7uOtlhUJYMOyIJjedVpRUfUAI8rQNaANIJ+p40ApnUi3jQbXp66iLZhMs+F2vnWimrorV5if74P+wUCSQEkhWWNBebIlP/JQkmGlS7hSDX9RAUF2m5YzyeTTPEmz/F19Sobq7ws0bxo++v6FiM1Zw/uDPX/NT4h1X/qEu1treRk8eo4+j4ha4OWvM62mecvoPln+Rwp+1q/1Ky0WROFSmIQ0CGJHIwWP4TcDJJeazC/0L5WZAvbHQr6tR7zVeu81OboHfgbrWe4wTzpxGxaRHQVFz+8Q9jpuzYbRnaqUZEfeXQKmSxsmu1SZLIJx/3BFMy8WQnsI0aZJm7Ol/WMY17ikPjC9hFLdzZzDV7zfMIl4TjaFxKpRvWsqtGW55r1IuqnrEFL0M4x9yzGWwT2LQIKqM7AM04phF8Ot8GiNAUPzC5Cm2gwWm,iv:jnNrRZAOsgOiGayLj2mUgODrKMQ66dIYG56G2+1ypYQ=,tag:1jD+1NtWKZye21aTVLTqBw==,type:str]
    tytonidae: ENC[AES256_GCM,data:I1RF/umtOGAuSVoLfwDnN2DG+w1yWqPkhZzM61y5XRSxF2Xq5C/iUJGWeCc+1Hwbw+oEMnm2e57m79Uke0LIJJrw//kRMqNOewQtx2xHkNSscWKCIANoNiDdhlOnB0r0BfXObr0xEu/69ST11lupPGIGQiWhjT1BY7c4NhAhhzfThttQCwznfrX3SfLu4p2Akg6p8QmRcU6h9kox+PK1Im+h956W0dYVnIe4ePZ3NGitQll9hxLxM+agnxF9wDDO+4pQ3i8aadbxLr8ug/boEhBy/e+sOKqzboAiWpuDjfQRUxklz0IxBihK8z6J/AHgXusxs70EdUDKf5sH7RIi95poYqJdl6bKToSCJtuM7JQ/eNTUjHvUZlRvlXSZG4iNypUYTOxSHTFGH7rA0wNeE0sMXkaTfJHD5utZDjxibICW1+BYXam8mTKWhXMUyfAL2bLMRmshxRB81bPnik08axpzJ22oSxZ1AfPz5I98zn/o0bDlAPTRetImQtSN181WrRHCCVUMe4wZIfgQvVryFgfPU06gqztgU2DB22QphXXysHn4p3jbAF3Hqvgq0f+iNXoh6NJLaUD+i7xb,iv:nSTfnDbaS9DZL2WhVgcu8qIPkYH1Zws58yvcIeSZCzk=,tag:JJV7vJylaFOYdVjyeeOt9g==,type:str]
@ -40,8 +41,8 @@ sops:
            a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4
            Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-28T11:01:14Z"
-    mac: ENC[AES256_GCM,data:at4mM7jQW2wHJ2GV+qNMR7tLiR4GmYyQxsY5H7vvER5bHxDlWo7oFNbUkZtKeyQqCyMr+muQlwCzh0duzXD+Jcqy58qXnK3tCdc0cyzcH6JDXFySDCPOz3KBFwMDphHR2RlIsr2l7VKaymsGpPHcsdCXC+7w/xnaO5/gHj2KAb8=,iv:TnIPJkJ3kBzmzXaZGozRRJoQwsBHIIpwFXpqWHi4EBQ=,tag:U+oCX7T+d+vFELf97zf6Fg==,type:str]
+    lastmodified: "2025-01-29T13:44:13Z"
+    mac: ENC[AES256_GCM,data:t+FEBYvgAnfyuexCblrV1Z7JTgd3VCLLRDyhm4+5X7Ci8iZ+46F7w9TBoLLK4buXgEnzF/+Vtmbl1+cPELdkLl4aagvFbGvuR3wpwrfAabVuGlH8aeeNMTGPVU8KT0QBVsYdY7LME71ZN/rAYruyOi/rR5aVKDiYMfBInFCJXOs=,iv:3D8SDGrW7DT19jLHD9WvsSpcrdan1Kj1mGtjMOn2XZw=,tag:sjYS9Mx2yReacpQXBXLGoA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.3