{ pkgs, config, ... }:

{
# The mautrix bridges configured in this file depend on libolm (the Olm/Megolm
# library), which nixpkgs marks as insecure; evaluation fails unless the exact
# version string is allow-listed here.
# Author's rationale: the bridges only talk to localhost, so this is safe.
# NOTE(review): that rationale matches the appservice listeners, which bind to
# 127.0.0.1. The bridges also set bridge.encryption.allow = true and reach the
# homeserver at https://matrix.morj.men, so olm presumably still processes
# key material for rooms with non-local participants. Re-read the
# knownVulnerabilities text nixpkgs ships for this package against that usage.
# NOTE(review): this allow-list is global to the nixpkgs instance, not scoped
# to the two bridges; any other package that pulls in olm-3.2.16 is permitted
# as well. The version pin means an olm bump breaks evaluation and forces a
# fresh decision.
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];

# Open the Matrix federation port. nginx terminates TLS on 8448 for
# matrix.morj.men (see the listen list on that virtual host).
# NOTE(review): 443 is not opened in this file; presumably another module
# allows it — verify, since client traffic and .well-known discovery need it.
networking.firewall = {
  allowedTCPPorts = [ 8448 ];
};

services.nginx =
  let
    # Matrix discovery documents, written to the Nix store and served verbatim.
    # They contain only public hostnames.
    serverDiscovery = pkgs.writeText "well-known-matrix-server" ''
      { "m.server": "matrix.morj.men" }
    '';
    clientDiscovery = pkgs.writeText "well-known-matrix-client" ''
      { "m.homeserver": { "base_url": "https://matrix.morj.men" }
      , "org.matrix.msc3575.proxy": { "url": "https://matrix.morj.men" }
      }
    '';

    # Port the homeserver listens on, read from its own module settings so the
    # proxy target cannot drift from the service configuration.
    homeserverPort = toString config.services.matrix-continuwuity.settings.global.port;

    # TLS listeners for one port on both address families (IPv4 first).
    tlsListeners = port: [
      { addr = "0.0.0.0"; inherit port; ssl = true; }
      { addr = "[::]"; inherit port; ssl = true; }
    ];
  in
  {
    virtualHosts = {
      # Apex domain: only the two exact-match .well-known locations are
      # defined here.
      # NOTE(review): no forceSSL / certificate option for this host is set in
      # this file; discovery is fetched over HTTPS, so confirm TLS for
      # morj.men is configured elsewhere.
      "morj.men" = {
        # Federation delegation. No port is given in m.server, so remote
        # servers are expected to fall back to 8448 unless an SRV record
        # overrides it.
        locations."=/.well-known/matrix/server" = {
          alias = "${serverDiscovery}";
          extraConfig = ''
            default_type application/json;
          '';
        };

        # Client discovery. The wildcard CORS origin lets browser-based
        # clients on any site read this public document.
        # NOTE(review): add_header without "always" is only applied to
        # successful responses, and the method/header lists are wider than a
        # static GET needs; narrowing them is optional hardening.
        locations."=/.well-known/matrix/client" = {
          alias = "${clientDiscovery}";
          extraConfig = ''
            default_type application/json;
            # https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
            add_header Access-Control-Allow-Origin "*";
            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
            add_header Access-Control-Allow-Headers "X-Requested-With, Content-Type, Authorization";
          '';
        };
      };

      # Homeserver front end: TLS on 443 (clients) and 8448 (federation).
      "matrix.morj.men" = {
        forceSSL = true;
        # Reuses the certificate issued for morj.men.
        # NOTE(review): that certificate must list matrix.morj.men as an
        # additional name (extraDomainNames on the ACME cert) — confirm.
        useACMEHost = "morj.men";
        listen = tlsListeners 443 ++ tlsListeners 8448;

        # Only /_matrix/ is forwarded; the hop to the homeserver is plain HTTP
        # over loopback.
        # NOTE(review): only the Host header is set here. Unless
        # recommendedProxySettings is enabled elsewhere, no X-Forwarded-For /
        # X-Real-IP reaches the backend, so it sees every client as localhost;
        # that matters if the homeserver logs or rate-limits by address.
        locations."/_matrix/" = {
          proxyPass = "http://localhost:${homeserverPort}";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_buffering off;
          '';
        };

        # merge_slashes off keeps nginx from collapsing repeated slashes in the
        # request URI. The access_log file name is built from $scheme and
        # $server_name, which are server-side values rather than the client's
        # Host header.
        # NOTE(review): request lines are logged in full; Matrix's legacy
        # access_token query parameter would end up in this file, so check
        # permissions and retention on /var/log/nginx.
        extraConfig = ''
          merge_slashes off;

          access_log "/var/log/nginx/access-log-$scheme-$server_name.log";
        '';
      };
    };
  };

# Continuwuity homeserver. Its server_name is the apex domain; traffic reaches
# it through the matrix.morj.men nginx virtual host via .well-known delegation.
services.matrix-continuwuity = {
  enable = true;
  settings = {
    global = {
      server_name = "morj.men";

      # Closed registration keeps strangers from creating local accounts;
      # federation stays on, so remote users can still share rooms with
      # local ones.
      allow_registration = false;
      allow_federation = true;

      # NOTE(review): presumably disables the server's poll for upstream
      # announcements — confirm against the continuwuity docs.
      allow_announcements_check = false;

      # Options taken from the example toml: presence and typing
      # notifications are switched off in every direction.
      allow_local_presence = false;
      allow_incoming_presence = false;
      allow_outgoing_presence = false;
      allow_outgoing_typing = false;
      # Read receipts are kept; they should not be as heavy.
      allow_outgoing_read_receipts = true;
    };
  };
};

# WhatsApp bridge. The appservice listener is bound to loopback, while the
# bridge itself reaches the homeserver through the public HTTPS name.
services.mautrix-whatsapp.enable = true;
services.mautrix-whatsapp.settings = {
  homeserver.address = "https://matrix.morj.men";
  homeserver.domain = "morj.men";

  # Loopback only: the homeserver on this machine is the sole intended caller.
  appservice.hostname = "127.0.0.1";

  database.type = "sqlite3-fk-wal";
  database.uri = "file:/var/lib/mautrix-whatsapp/mautrix-whatsapp.db?_txlock=immediate";

  bridge = {
    # "*" matches every Matrix user, and federation is enabled on this
    # homeserver, so the relay level also applies to remote accounts.
    # NOTE(review): per the mautrix docs relay-level users can only speak
    # through a relay that a bridge user has set up; if remote users should
    # get nothing, key this entry on "morj.men" instead of "*".
    permissions = {
      "*" = "relay";
      "@admin:morj.men" = "admin";
      "@morj:morj.men" = "user";
      "@rognar30:morj.men" = "user";
    };
    # End-to-bridge encryption; this is the feature that pulls in olm.
    encryption.allow = true;
  };
};

# Discord bridge. The appservice listener is bound to loopback, while the
# bridge itself reaches the homeserver through the public HTTPS name.
services.mautrix-discord.enable = true;
services.mautrix-discord.settings = {
  homeserver.address = "https://matrix.morj.men";
  homeserver.domain = "morj.men";

  # In this bridge's settings the database options sit under appservice.
  appservice = {
    # Loopback only: the homeserver on this machine is the sole intended
    # caller.
    hostname = "127.0.0.1";
    database = {
      type = "sqlite3-fk-wal";
      uri = "file:/var/lib/mautrix-discord/mautrix-discord.db?_txlock=immediate";
    };
  };

  bridge = {
    # "*" matches every Matrix user, and federation is enabled on this
    # homeserver, so the relay level also applies to remote accounts.
    # NOTE(review): per the mautrix docs relay-level users can only speak
    # through a relay that a bridge user has set up; if remote users should
    # get nothing, key this entry on "morj.men" instead of "*".
    permissions = {
      "*" = "relay";
      "@admin:morj.men" = "admin";
      "@morj:morj.men" = "user";
    };
    # End-to-bridge encryption; this is the feature that pulls in olm.
    encryption.allow = true;
  };
};
}