From e9ed4ea7ed2a35599e9b83f87b0e543cab782907 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 26 Jun 2023 12:55:25 +0200 Subject: l prism.r: add matrix service --- lass/1systems/prism/config.nix | 1 + lass/2configs/matrix.nix | 80 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 lass/2configs/matrix.nix diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e1f92c51e..1faa23ec3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -138,6 +138,7 @@ with import ; + { services.tor = { diff --git a/lass/2configs/matrix.nix b/lass/2configs/matrix.nix new file mode 100644 index 000000000..cdcbe7ab0 --- /dev/null +++ b/lass/2configs/matrix.nix 
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+with import ;
+{
+ services.matrix-synapse = {
+ # synapse 1.60.0 errors during startup with:
+ # https://github.com/matrix-org/synapse/issues/15809
+ package = pkgs.matrix-synapse.overrideAttrs (oldAttrs: rec {
+ version = "1.85.2";
+ name = "matrix-synapse-${version}";
+ src = pkgs.fetchFromGitHub {
+ owner = "matrix-org";
+ repo = "synapse";
+ rev = "v${version}";
+ hash = "sha256-pFafBsisBPfpDnFYWcimUuBgfFVPZzLna3yHeqIBAAE=";
+ };
+ cargoDeps = pkgs.rustPlatform.fetchCargoTarball {
+ inherit src;
+ name = "matrix-synapse-${version}";
+ hash = "sha256-dnno+5Ma0YNYpmj3oZ5UG22uAanKwVT67BwQW+mHoFc=";
+ };
+ doCheck = false;
+ });
+ enable = true;
+ settings = {
+ server_name = "lassul.us";
+ # registration_shared_secret = "yolo";
+ database.name = "sqlite3";
+ turn_uris = [
+ "turn:turn.matrix.org?transport=udp"
+ "turn:turn.matrix.org?transport=tcp"
+ ];
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" ];
+ compress = true;
+ }
+ {
+ names = [ "federation" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+ };
+ services.nginx = {
+ virtualHosts = {
+ "lassul.us" = {
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON {
+ "m.server" = "matrix.lassul.us:443";
+ }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON {
+ "m.homeserver" = { "base_url" = "https://matrix.lassul.us"; };
+ "m.identity_server" = { "base_url" = "https://vector.im"; };
+ }}';
+ '';
+ };
+ "matrix.lassul.us" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ };
+ };
+ };
+ };
+}
-- 
cgit v1.2.3
[cgit] Unable to lock slot /tmp/cgit/1a000000.lock: No such file or directory (2)
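Review bot: The `package` override at the top of `services.matrix-synapse` pins Synapse to 1.85.2 with fixed source and cargo hashes and sets `doCheck = false`, so this federation-facing server stops following the nixpkgs Synapse package, security releases included, until someone removes the override by hand, and the pinned build skips its check phase. I would record the removal condition next to it, for example `# TODO: drop this override once the nixpkgs matrix-synapse no longer hits issue 15809`, and turn the checks back on if they pass for this version. Separately, the commented-out `# registration_shared_secret = "yolo";` is better deleted than kept as a template. Values under `settings` are rendered into the Nix store, which is world-readable, so a real secret should come from a file outside the store via `services.matrix-synapse.extraConfigFiles`.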