76 lines
1.7 KiB
Nix
76 lines
1.7 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
let
|
|
fqdn = "matrix.bib3.de";
|
|
in {
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
initialScript = pkgs.writeText "synapse-init.sql" ''
|
|
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
|
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
|
TEMPLATE template0
|
|
LC_COLLATE = "C"
|
|
LC_CTYPE = "C";
|
|
'';
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts.${fqdn} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".extraConfig = ''
|
|
return 404;
|
|
'';
|
|
|
|
locations."/_matrix" = {
|
|
proxyPass = "http://[::1]:8008";
|
|
};
|
|
|
|
extraConfig = ''
|
|
client_max_body_size 0;
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
max_upload_size = "100M";
|
|
server_name = fqdn;
|
|
registration_shared_secret = "aKCsb4AQyx7NPLDtyfRSR3ifmCDMb9NDMvaQnCznmI0VTHLNrckKQ8PNKOACYwkU";
|
|
listeners = [
|
|
{
|
|
port = 8008;
|
|
bind_address = "::1";
|
|
type = "http";
|
|
tls = false;
|
|
x_forwarded = true;
|
|
resources = [
|
|
{
|
|
names = [ "client" "federation" ];
|
|
compress = false;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-ldap3 ];
|
|
extraConfig = ''
|
|
password_providers:
|
|
- module: "ldap_auth_provider.LdapAuthProvider"
|
|
config:
|
|
enabled: true
|
|
mode: "search"
|
|
uri: "ldap://bib3.de:389"
|
|
start_tls: true
|
|
base: "ou=users,o=bib3,c=DE"
|
|
attributes:
|
|
uid: "cn"
|
|
mail: "mail"
|
|
name: "givenName"
|
|
'';
|
|
};
|
|
}
|