commit e17c0b2b5a3ff2567b43d4a24a7d351d53f967fe
parent 9396d07566e01956bf5f17a17e37cecd6627f6af
Author: Katja (ctucx) <git@ctu.cx>
Date: Mon, 28 Apr 2025 20:36:54 +0200
nodes/wanderduene: add grapevine and conduwuit matrix servers (just for testing stuff)
3 files changed, 175 insertions(+), 0 deletions(-)
A
|
70
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
102
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/nixos/websites/conduwuit.ctucx.de.nix b/configurations/nixos/websites/conduwuit.ctucx.de.nix
@@ -0,0 +1,70 @@
+{
+ inputs,
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+{
+ dns.zones."ctucx.de".subdomains.conduwuit.CNAME = [ "${config.networking.fqdn}." ];
+
+ systemd.services.conduwuit.serviceConfig.ExecStart =
+ lib.mkForce "${config.services.conduwuit.package}/bin/conduwuit";
+
+ services.conduwuit = {
+ enable = true;
+ package = inputs.conduwuit.packages."${config.nixpkgs.system}".default;
+ settings.global = {
+ server_name = "conduwuit.ctucx.de";
+ address = [ "::1" ];
+ port = [ 6167 ];
+ allow_registration = false;
+ registration_token = "foobar123";
+ database_backup_path = "/var/lib/conduwuit/databaseBackup";
+ database_backups_to_keep = 1;
+ query_trusted_key_servers_first = false;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts =
+ let
+ matrixServerConfig = {
+ "m.server" = "conduwuit.ctucx.de:443";
+ };
+ matrixClientConfig = {
+ "m.homeserver".base_url = "https://conduwuit.ctucx.de/";
+ };
+ in
+ {
+ "${config.services.conduwuit.settings.global.server_name}" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ kTLS = true;
+ locations = {
+ "/.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON matrixServerConfig}';
+ '';
+ "/.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON matrixClientConfig}';
+ '';
+ "/_matrix" = {
+ proxyPass = "http://[${lib.last config.services.conduwuit.settings.global.address}]:${toString (lib.last config.services.conduwuit.settings.global.port)}";
+ proxyWebsockets = true;
+ };
+ "/".root = pkgs.cinny.override {
+ conf = {
+ defaultHomeserver = 0;
+ homeserverList = [ config.services.conduwuit.settings.global.server_name ];
+ hashRouter.enabled = true;
+ allowCustomHomesevrers = false;
+ };
+ };
+ };
+ };
+ };
+ };
+}
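Review bot: The Cinny override near the end of this file sets `allowCustomHomesevrers = false;`, which misspells the option; Cinny's config key is `allowCustomHomeservers`, so the misspelled attribute is presumably ignored and the web client still accepts any homeserver a user types in. Change the line to `allowCustomHomeservers = false;` so the client is actually limited to the entries in `homeserverList`. The same misspelling is in the Cinny block of grapevine.ctucx.de.nix. Separately, `registration_token = "foobar123";` is inert here while `allow_registration = false;`, but it is still a literal that would start gating sign-ups the moment registration is switched on.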
diff --git a/configurations/nixos/websites/grapevine.ctucx.de.nix b/configurations/nixos/websites/grapevine.ctucx.de.nix
@@ -0,0 +1,102 @@
+{ inputs, pkgs, lib, config, ... }:
+
+{
+
+ dns.zones."ctucx.de".subdomains.grapevine.CNAME = [ "${config.networking.fqdn}." ];
+
+ systemd.services.grapevine.serviceConfig.ExecStartPre = pkgs.writeShellScript "createDirs" ''
+ mkdir -p /var/lib/grapevine/media;
+ mkdir -p /var/lib/grapevine/database;
+ '';
+
+ services.grapevine = {
+ enable = true;
+
+ settings = {
+ server_name = "grapevine.ctucx.de";
+ max_request_size = 52428800;
+
+ media.allow_unauthenticated_access = false;
+
+ allow_registration = true;
+ registration_token = "foobar123";
+
+ database.backend = "rocksdb";
+ database.cache_capacity_mb = 128;
+
+ federation.max_concurrent_requests = 10000;
+
+ federation.self_test = false; # somehow this fails to unexpected server version
+
+ server_discovery = {
+ server.authority = "grapevine.${config.networking.domain}:443";
+ client.base_url = "https://grapevine.${config.networking.domain}";
+ };
+
+ listen = [{
+ type = "tcp";
+ address = "::1";
+ port = 6168;
+ }];
+
+ observability = {
+ metrics.enable = true;
+
+ logs.format = "pretty";
+
+ traces.enable = true;
+ traces.filter = "off";
+ };
+
+ cache = {
+ auth_chain = 0;
+ eventid_short = 0;
+ pdu = 0;
+ roomid_spacechunk = 0;
+ server_visibility = 0;
+ short_eventid = 0;
+ short_statekey = 0;
+ state_info = 0;
+ statekey_short = 0;
+ user_visibility = 0;
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = let
+ grapevineListen = lib.last config.services.grapevine.settings.listen;
+ matrixServerConfig = { "m.server" = "grapevine.ctucx.de:443"; };
+ matrixClientConfig = { "m.homeserver".base_url = "https://grapevine.ctucx.de/"; };
+ in {
+ "${config.services.grapevine.settings.server_name}" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ kTLS = true;
+ locations = {
+ "/.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON matrixServerConfig}';
+ '';
+ "/.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON matrixClientConfig}';
+ '';
+ "/_matrix" = {
+ proxyPass = "http://[${grapevineListen.address}]:${toString (grapevineListen.port)}";
+ proxyWebsockets = true;
+ };
+ "/".root = pkgs.cinny.override {
+ conf = {
+ defaultHomeserver = 0;
+ homeserverList = [ config.services.grapevine.settings.server_name ];
+ hashRouter.enabled = true;
+ allowCustomHomesevrers = false;
+ };
+ };
+ };
+ };
+ };
+ };
+}
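Review bot: In `services.grapevine.settings`, `allow_registration = true;` together with `registration_token = "foobar123";` leaves account creation gated only by a guessable placeholder that is committed to the repository. As a plain settings value it would normally also be rendered into the world-readable Nix store. Since `/_matrix` is proxied publicly and the server federates as grapevine.ctucx.de, even a test instance should not accept sign-ups on that basis. Either set `allow_registration = false;` until accounts are needed, or supply a long random token from a secret kept out of the repository and the store. Whether grapevine can read the token from a file is not visible in this hunk and needs checking against its option set.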
diff --git a/nodes/wanderduene/default.nix b/nodes/wanderduene/default.nix @@ -27,6 +27,9 @@ ctucxConfig.websites."ip.ctu.cx" ctucxConfig.websites."flauschehorn.katja.wtf" + ctucxConfig.websites."conduwuit.ctucx.de" + ctucxConfig.websites."grapevine.ctucx.de" + ./rclone-restic-server.nix ./syncthing.nix ];