From 4863ab05f5e46c42e623e607f5715d25b9e9157c Mon Sep 17 00:00:00 2001 From: Katharina Heidenreich Date: Sat, 14 Mar 2026 12:24:29 +0100 Subject: [PATCH] feat: add continuwuity server --- data/network.nix | 13 +++++++++++ data/storage.nix | 6 +++++ services/continuwuity.nix | 21 +++++++++++++++++ services/nginx.nix | 48 +++++++++++++++++++++++++++------------ 4 files changed, 73 insertions(+), 15 deletions(-) create mode 100644 services/continuwuity.nix diff --git a/data/network.nix b/data/network.nix index 86d6a21..57013c1 100644 --- a/data/network.nix +++ b/data/network.nix @@ -56,6 +56,19 @@ rec { "router" = { ip = ips.router; }; + "continuwuity" = { + ip = ips.pi; + reverse_proxy = { + port = 6167; + aliases = [ "matrix" ]; + endpoints = [ + "/_matrix" + "/_matrix/federation" + ]; + }; + domainOverride = "continuwuity.home"; + + }; }; dnsMappings = builtins.listToAttrs (map (name: { diff --git a/data/storage.nix b/data/storage.nix index 22d7009..a50c082 100644 --- a/data/storage.nix +++ b/data/storage.nix @@ -11,4 +11,10 @@ rec { source = "/dev/disk/by-uuid/a3ffb02e-fe9f-4bce-bd94-af0294ebff8f"; options = ["noatime"]; }; + matrix-storage = { + path = "/var/lib/continuwuity"; + type = "none"; + source = "${ssd.path}/continuwuity"; + options = ["bind"]; + } } diff --git a/services/continuwuity.nix b/services/continuwuity.nix new file mode 100644 index 0000000..f97834b --- /dev/null +++ b/services/continuwuity.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +let + net = import ../data/network.nix; + serv = import ../data/services.nix; +in +{ + services.matrix-continuwuity = { + settings = { + global = { + server_name = net.services.continuwuity.domainOverride; + address = "127.0.0.1"; + port = 6167; + allow_registration = true; + allow_encryption = true; + allow_federation = true; + max_request_size = 20 * 1024 * 1024; # 20 MiB + }; + }; + }; +} diff --git a/services/nginx.nix b/services/nginx.nix index d91c7ef..f886018 100644 --- a/services/nginx.nix 
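Review bot: The `endpoints` list of the new `continuwuity` entry is redundant: `/_matrix/federation` is already matched by the `/_matrix` prefix location, so the second entry only produces a duplicate nginx location with the identical proxy target; drop it, or give it its own settings if federation traffic is meant to be handled differently. The `aliases = [ "matrix" ]` value is combined with `domainOverride` in nginx.nix as `"${alias}.${domain}"`, which here yields `matrix.continuwuity.home` rather than `matrix.home`; if the shorter name was intended, the alias needs to bypass the override (I cannot see how `dnsMappings` below consumes these entries, so check both sides). A one-line comment on the entry, `# only these path prefixes are proxied to the homeserver; other paths on this vhost are not served`, would make the scope of the reverse proxy explicit.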
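Review bot: The new `matrix-storage` attribute is missing the semicolon after its closing brace (`options = ["bind"]; }` is followed directly by the outer `}`), which is a Nix parse error; it should read `options = ["bind"]; };`. A bind mount at `/var/lib/continuwuity` only protects the database if the mount is active before the service first writes there; if this attrset feeds `fileSystems`, consider giving the continuwuity unit `unitConfig.RequiresMountsFor = "/var/lib/continuwuity";` so a late or failed mount does not silently put the database on the root filesystem (how this attrset is consumed is outside the hunk, so verify). A comment such as `# homeserver state lives on the SSD; /var/lib/continuwuity is a bind mount onto it` would document the intent.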
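Review bot: `allow_registration = true` with no `registration_token` or `registration_token_file` makes this an open-registration homeserver, and together with `allow_federation = true` an easy target for spam accounts that then hit other servers; conduwuit, which continuwuity is forked from, refuses to start in exactly this configuration unless an explicit "I am very sure" override is set, so if continuwuity kept that check the service will not come up as written (verify against the module's option documentation). Prefer `allow_registration = false;` once the first account exists, or gate registration on a token read from a secret file, and record the choice with a comment like `# registration closed; set registration_token_file to re-open it`. `server_name = "continuwuity.home"` is a name federation peers cannot resolve, and nginx's `allow subnet; deny all` shields the vhost from them anyway, so `allow_federation = true` achieves nothing until a public name, TLS and `.well-known` delegation exist — and `server_name` cannot be changed later without abandoning every room. The `serv` binding (`import ../data/services.nix`) is unused in this file.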
+++ b/services/nginx.nix @@ -1,20 +1,34 @@ { config, pkgs, lib, ... }: let network = import ../data/network.nix; - rproxyServices = builtins.mapAttrs (name: service: { - serverName = "${name}.${network.local_domain}"; - listen = [ {addr = "0.0.0.0"; port = 80;} ]; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/"; - proxyWebsockets = true; + virtualHostFn = name: service: let + domain = if service.domainOverride == null + then "${name}.${network.local_domain}" + else service.domainOverride; + locationList = if service.reverse_proxy.endpoints == null + then ["/"] + else service.reverse_proxy.endpoints; + locationsData = builtins listToAttrs (map (endpointName: { + name = endpointName; + value = { + proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/"; + proxyWebsockets = true; + }; + })); + serverAlias = lib.optionalAttrs (service.reverse_proxy.aliases != null) { + serverAliases = map (alias: "${alias}.${domain}") service.reverse_proxy.aliases; }; - }; - extraConfig = '' - allow ${network.network.subnet}; - deny all; - ''; - }) network.reverse_proxy; + in + { + serverName = "${domain}"; + listen = [ {addr = "0.0.0.0"; port = 80;} ]; + locations = locationsData; + extraConfig = '' + allow ${network.network.subnet}; + deny all; + ''; + } // serverAlias; + rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy; serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy); fallback = { serverName = "_"; @@ -42,6 +56,10 @@ in { virtualHosts = rproxyServices // {fallback = fallback;}; }; - # TODO add 443 for https - networking.firewall.allowedTCPPorts = [80]; + networking.firewall.allowedTCPPorts = [80 443]; + + security.acme = { + acceptTerms = true; + defaults.email = "katharina.heidenreich02@gmail.com"; + }; }
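Review bot: `locationsData` does not evaluate: `builtins listToAttrs` is missing the dot (it applies the `builtins` set as a function), and `map (endpointName: {...})` is never given its list, so `locationList` is computed but unused; it should read `locationsData = builtins.listToAttrs (map (endpointName: {` … `}) locationList);`. Once that evaluates, the trailing slash in `proxyPass = "http://127.0.0.1:PORT/"` makes nginx replace the matched location prefix, so a request to `/_matrix/client/v3/login` on the new `/_matrix` location is forwarded as `//client/v3/login`, which the homeserver will not route; drop the slash, `proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}";`, which passes the original URI through for the `/` case as well. `service.domainOverride == null` and the two `service.reverse_proxy.*` comparisons throw an attribute-missing error for any entry of `network.reverse_proxy` that does not define those keys; if such entries exist (the `router` entry in network.nix suggests they do), use `service.domainOverride or null` and the same `or null` form for `endpoints` and `aliases`. The retained `allow ${network.network.subnet}; deny all;` is sound for a LAN-only deployment but means inbound Matrix federation is blocked regardless of the homeserver's `allow_federation`; a comment saying so here would avoid later confusion.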
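Review bot: No vhost is actually served over TLS after this hunk: none of the virtualHosts built above set `enableACME`/`forceSSL` (or `addSSL`), so nothing listens on the newly opened port 443 and the Matrix client traffic — access tokens and end-to-end encryption key uploads — continues over plaintext port 80, protected only by the subnet allow list. Either keep the firewall at `[80]` until TLS is wired through, or add `forceSSL = true; enableACME = true;` to the generated vhosts; note that Let's Encrypt's HTTP-01 challenge cannot validate a `.home` name, so this needs a publicly resolvable domain with a DNS-01 challenge, or an internal CA instead of `security.acme` (inferred from the `continuwuity.home` override in network.nix). If the intermediate state is deliberate, a comment such as `# 443 opened ahead of enabling ACME/forceSSL on the vhosts` would record it. The enclosing `in { ... }` expression starts outside this hunk.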