Infra/pi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add continuwuity server

Browse source
This commit is contained in:
Katharina Heidenreich 2026-03-14 12:24:29 +01:00
parent 2e50350107
commit 4863ab05f5
4 changed files with 73 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

13
data/network.nix
View file

@ -56,6 +56,19 @@ rec {
"router" = { "router" = {
ip = ips.router; ip = ips.router;
}; };
"continuwuity" = {
ip = ips.pi;
reverse_proxy = {
port = 6167;
aliases = [ "matrix" ];
endpoints = [
"/_matrix"
"/_matrix/federation"
];
};
domainOverride = "continuwuity.home";
};
}; };
dnsMappings = builtins.listToAttrs (map (name: { dnsMappings = builtins.listToAttrs (map (name: {

6
data/storage.nix
View file

@ -11,4 +11,10 @@ rec {
source = "/dev/disk/by-uuid/a3ffb02e-fe9f-4bce-bd94-af0294ebff8f"; source = "/dev/disk/by-uuid/a3ffb02e-fe9f-4bce-bd94-af0294ebff8f";
options = ["noatime"]; options = ["noatime"];
}; };
matrix-storage = {
path = "/var/lib/continuwuity";
type = "none";
source = "${ssd.path}/continuwuity";
options = ["bind"];
}
} }

21
services/continuwuity.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, ... }:
let
net = import ../data/network.nix;
serv = import ../data/services.nix;
in
{
services.matrix-continuwuity = {
settings = {
global = {
server_name = net.services.continuwuity.domainOverride;
address = "127.0.0.1";
port = 6167;
allow_registration = true;
allow_encryption = true;
allow_federation = true;
max_request_size = 20 * 1024 * 1024; # 20 MiB
};
};
};
}

48
services/nginx.nix
View file

@ -1,20 +1,34 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
network = import ../data/network.nix; network = import ../data/network.nix;
rproxyServices = builtins.mapAttrs (name: service: { virtualHostFn = name: service: let
serverName = "${name}.${network.local_domain}"; domain = if service.domainOverride == null
listen = [ {addr = "0.0.0.0"; port = 80;} ]; then "${name}.${network.local_domain}"
locations = { else service.domainOverride;
"/" = { locationList = if service.reverse_proxy.endpoints == null
proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/"; then ["/"]
proxyWebsockets = true; else service.reverse_proxy.endpoints;
locationsData = builtins listToAttrs (map (endpointName: {
name = endpointName;
value = {
proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
proxyWebsockets = true;
};
}));
serverAlias = lib.optionalAttrs (service.reverse_proxy.aliases != null) {
serverAliases = map (alias: "${alias}.${domain}") service.reverse_proxy.aliases;
}; };
}; in
extraConfig = '' {
allow ${network.network.subnet}; serverName = "${domain}";
deny all; listen = [ {addr = "0.0.0.0"; port = 80;} ];
''; locations = locationsData;
}) network.reverse_proxy; extraConfig = ''
allow ${network.network.subnet};
deny all;
'';
} // serverAlias;
rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy); serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
fallback = { fallback = {
serverName = "_"; serverName = "_";
@ -42,6 +56,10 @@ in {
virtualHosts = rproxyServices // {fallback = fallback;}; virtualHosts = rproxyServices // {fallback = fallback;};
}; };
# TODO add 443 for https networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [80];
security.acme = {
acceptTerms = true;
defaults.email = "katharina.heidenreich02@gmail.com";
};
} }