feat: add continuwuity server

2026-03-14 12:24:29 +01:00 · 2026-03-14 12:24:29 +01:00 · 4863ab05f5
commit 4863ab05f5
parent 2e50350107
4 changed files with 73 additions and 15 deletions
--- a/services/continuwuity.nix
+++ b/services/continuwuity.nix
@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+let
+  net = import ../data/network.nix;
+  serv = import ../data/services.nix;
+in
+{
+  services.matrix-continuwuity = {
+    settings = {
+      global = {
+        server_name = net.services.continuwuity.domainOverride;
+        address = "127.0.0.1";
+        port = 6167;
+        allow_registration = true;
+        allow_encryption = true;
+        allow_federation = true;
+        max_request_size = 20 * 1024 * 1024; # 20 MiB
+      };
+    };
+  };
+}
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -1,20 +1,34 @@
 { config, pkgs, lib, ... }:
 let
  network = import ../data/network.nix;
-  rproxyServices = builtins.mapAttrs (name: service: {
-    serverName = "${name}.${network.local_domain}";
-    listen = [ {addr = "0.0.0.0"; port = 80;} ];
-    locations = {
-      "/" = {
-        proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
-        proxyWebsockets = true;
+  virtualHostFn = name: service: let
+    domain = if service.domainOverride == null 
+        then "${name}.${network.local_domain}" 
+        else service.domainOverride;
+    locationList = if service.reverse_proxy.endpoints == null 
+        then ["/"]
+        else service.reverse_proxy.endpoints;
+    locationsData = builtins listToAttrs (map (endpointName: {
+        name = endpointName;
+        value = {
+          proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
+            proxyWebsockets = true;
+        };
+      }));
+    serverAlias = lib.optionalAttrs (service.reverse_proxy.aliases != null) {
+        serverAliases = map (alias: "${alias}.${domain}") service.reverse_proxy.aliases;
      };
-    };
-    extraConfig = ''
-      allow ${network.network.subnet};
-      deny all;
-    '';
-  }) network.reverse_proxy;
+  in
+    {
+      serverName = "${domain}";
+      listen = [ {addr = "0.0.0.0"; port = 80;} ];
+      locations = locationsData;
+      extraConfig = ''
+        allow ${network.network.subnet};
+        deny all;
+      '';
+    } // serverAlias;
+  rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
  serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
  fallback = {
    serverName = "_";
@ -42,6 +56,10 @@ in {
    virtualHosts = rproxyServices // {fallback = fallback;};
  };

-  # TODO add 443 for https
-  networking.firewall.allowedTCPPorts = [80];
+  networking.firewall.allowedTCPPorts = [80 443];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "katharina.heidenreich02@gmail.com";
+  };
 }