From c3e4aaeb16775686aa0251c3dd79ac113ed06dff Mon Sep 17 00:00:00 2001
From: ulic-youthlic
Date: Thu, 30 Jan 2025 00:11:19 +0800
Subject: [PATCH] add self-hosted matrix home server
---
 nixos/configurations/Cape/default.nix | 4 ++
 nixos/modules/programs/conduwuit.nix | 59 +++++++++++++++++++++++++++
 nixos/modules/programs/default.nix | 1 +
 secrets/general.yaml | 5 ++-
 4 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 nixos/modules/programs/conduwuit.nix
diff --git a/nixos/configurations/Cape/default.nix b/nixos/configurations/Cape/default.nix
index e49cc71..3dc5cee 100644
--- a/nixos/configurations/Cape/default.nix
+++ b/nixos/configurations/Cape/default.nix
@@ -22,6 +22,10 @@
 programs = {
 openssh.enable = true;
 tailscale.enable = true;
+ conduwuit = {
+ enable = true;
+ serverName = "im.youthlic.fun";
+ };
 caddy = {
 enable = true;
 baseDomain = "youthlic.fun";
diff --git a/nixos/modules/programs/conduwuit.nix b/nixos/modules/programs/conduwuit.nix
new file mode 100644
index 0000000..a5dc846
--- /dev/null
+++ b/nixos/modules/programs/conduwuit.nix
@@ -0,0 +1,59 @@
+{ config, lib, ... }:
+let
+ cfg = config.youthlic.programs.conduwuit;
+in
+{
+ options = {
+ youthlic.programs.conduwuit = {
+ enable = lib.mkEnableOption "conduwuit";
+ serverName = lib.mkOption {
+ type = lib.types.nonEmptyStr;
+ example = "example.com";
+ };
+ };
+ };
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ sops.secrets."matrix-reg-token" = {
+ owner = "conduwuit";
+ };
+ systemd.services.conduwuit.serviceConfig = {
+ EnvironmentFile = "${config.sops.secrets.matrix-reg-token.path}";
+ };
+ services.conduwuit = {
+ enable = true;
+ settings = {
+ global = {
+ port = [ 8481 ];
+ address = [
+ "0.0.0.0"
+ "::"
+ ];
+ trusted_servers = [
+ "matrix.org"
+ "mozilla.org"
+ "nichi.co"
+ ];
+ allow_registration = true;
+ server_name = cfg.serverName;
+ new_user_displayname_suffix = "⚡";
+ allow_public_room_directory_over_federation = true;
+ well_known = {
+ client = "https://${cfg.serverName}";
+ server = "${cfg.serverName}:443";
+ };
+ };
+ };
+ };
+ })
+ (lib.mkIf (cfg.enable && config.youthlic.programs.caddy.enable) {
+ services.caddy.virtualHosts = {
+ "${cfg.serverName}" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:8481
+ '';
+ };
+ };
+ })
+ ];
+}
diff --git a/nixos/modules/programs/default.nix b/nixos/modules/programs/default.nix
index b0c02df..66da533 100644
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@@ -13,5 +13,6 @@
 ./steam.nix
 ./tailscale.nix
 ./transmission.nix
+ ./conduwuit.nix
 ];
 }
diff --git a/secrets/general.yaml b/secrets/general.yaml
index 788aca8..be1ca7d 100644
--- a/secrets/general.yaml
+++ b/secrets/general.yaml
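Review bot: In nixos/modules/programs/conduwuit.nix, `settings.global.address` binds `0.0.0.0` and `::`, while the only consumer visible in this patch is Caddy's `reverse_proxy 127.0.0.1:8481`, so the homeserver's plain-HTTP port 8481 is offered on every interface and can be reached without TLS wherever the host firewall permits it (firewall rules are not part of this patch). Binding to loopback keeps all traffic behind the proxy: `address = [ "127.0.0.1" "::1" ];`. The Caddy virtual host is only added when `config.youthlic.programs.caddy.enable` is set, so if the module is meant to run on hosts without Caddy, the listen address is better exposed as a module option that defaults to loopback. Separately, `allow_registration = true` depends on the sops-managed `EnvironmentFile` supplying the registration token; a short comment naming the variable that file must define would make a mis-keyed secret easier to spot, and `serverName` would benefit from a `description`.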
@@ -1,4 +1,5 @@ atuin-key: ENC[AES256_GCM,data:e3K7/7BaeXuR+vHJdtO79UQp3XRvROcD8ISkuCp3KGCSlBKUM3GuCwhIeFoIl0fOUqVYOzcCAcjsH2nBRqcXhtS8jhM=,iv:Mh3jsu6mdj0VOLSIoNz/0awyydVf7q3/E7iB7CJi+UA=,tag:xuHhUmK/J2stdjRrtbhQSw==,type:str] +matrix-reg-token: ENC[AES256_GCM,data:Cr5560L9gQo/tKUz1sQOAg5dckI6SyDxeNyrjW4oI6qkV8bxUrMaAGnVkkeF9TF9FgAnRb+7Lm+axd2SmkPWnqrLll2NzLC01zXht9Mq9RroAPXFraEV1X1Ge1qAAtkr,iv:42r93HLVDKuDCOYlfem7oi3gcHfhDYiNbFKOCHxim+o=,tag:9hWGQrWHsv2eYNgFlHtfeA==,type:str] ssh-private-key: deploy: ENC[AES256_GCM,data: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,iv:jnNrRZAOsgOiGayLj2mUgODrKMQ66dIYG56G2+1ypYQ=,tag:1jD+1NtWKZye21aTVLTqBw==,type:str] tytonidae: ENC[AES256_GCM,data:I1RF/umtOGAuSVoLfwDnN2DG+w1yWqPkhZzM61y5XRSxF2Xq5C/iUJGWeCc+1Hwbw+oEMnm2e57m79Uke0LIJJrw//kRMqNOewQtx2xHkNSscWKCIANoNiDdhlOnB0r0BfXObr0xEu/69ST11lupPGIGQiWhjT1BY7c4NhAhhzfThttQCwznfrX3SfLu4p2Akg6p8QmRcU6h9kox+PK1Im+h956W0dYVnIe4ePZ3NGitQll9hxLxM+agnxF9wDDO+4pQ3i8aadbxLr8ug/boEhBy/e+sOKqzboAiWpuDjfQRUxklz0IxBihK8z6J/AHgXusxs70EdUDKf5sH7RIi95poYqJdl6bKToSCJtuM7JQ/eNTUjHvUZlRvlXSZG4iNypUYTOxSHTFGH7rA0wNeE0sMXkaTfJHD5utZDjxibICW1+BYXam8mTKWhXMUyfAL2bLMRmshxRB81bPnik08axpzJ22oSxZ1AfPz5I98zn/o0bDlAPTRetImQtSN181WrRHCCVUMe4wZIfgQvVryFgfPU06gqztgU2DB22QphXXysHn4p3jbAF3Hqvgq0f+iNXoh6NJLaUD+i7xb,iv:nSTfnDbaS9DZL2WhVgcu8qIPkYH1Zws58yvcIeSZCzk=,tag:JJV7vJylaFOYdVjyeeOt9g==,type:str] 
@@ -40,8 +41,8 @@ sops: a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4 Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-28T11:01:14Z" - mac: ENC[AES256_GCM,data:at4mM7jQW2wHJ2GV+qNMR7tLiR4GmYyQxsY5H7vvER5bHxDlWo7oFNbUkZtKeyQqCyMr+muQlwCzh0duzXD+Jcqy58qXnK3tCdc0cyzcH6JDXFySDCPOz3KBFwMDphHR2RlIsr2l7VKaymsGpPHcsdCXC+7w/xnaO5/gHj2KAb8=,iv:TnIPJkJ3kBzmzXaZGozRRJoQwsBHIIpwFXpqWHi4EBQ=,tag:U+oCX7T+d+vFELf97zf6Fg==,type:str] + lastmodified: "2025-01-29T13:44:13Z" + mac: ENC[AES256_GCM,data:t+FEBYvgAnfyuexCblrV1Z7JTgd3VCLLRDyhm4+5X7Ci8iZ+46F7w9TBoLLK4buXgEnzF/+Vtmbl1+cPELdkLl4aagvFbGvuR3wpwrfAabVuGlH8aeeNMTGPVU8KT0QBVsYdY7LME71ZN/rAYruyOi/rR5aVKDiYMfBInFCJXOs=,iv:3D8SDGrW7DT19jLHD9WvsSpcrdan1Kj1mGtjMOn2XZw=,tag:sjYS9Mx2yReacpQXBXLGoA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.3