Nix

Nix snippets #

Warning:
The snippet below is so old… SKIP!
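{pkgs, ...}:
# NixOS module for a small Matrix deployment: Synapse behind nginx (ACME/TLS),
# the riot-web client served as a static site, PostgreSQL for Synapse, and
# coturn as the TURN relay for voice/video calls.  "this.site" and every value
# marked "redacted" are placeholders to be replaced before use.
{
  nixpkgs.overlays = [
    (self: super: {
      # Bake the homeserver/identity-server defaults into the riot-web build so
      # the client served from riot.this.site needs no user configuration.
      riot-web = super.riot-web.override {
        conf = {
          default_server_config = {
            "m.homeserver" = {
              "base_url" = "https://matrix.this.site";
              "server_name" = "this.site";
            };
            "m.identity_server" = {
              "base_url" = "https://vector.im";
            };
          };

          # Referenced by the client even though the jitsi-meet service and its
          # vhost are commented out further down.
          jitsi.preferredDomain = "jitsi.this.site";
        };
      };
    })
  ];

  environment.systemPackages = with pkgs; [ vim riot-web ];

  networking.firewall = {
    # 3478/3479 UDP were missing: the TURN URIs advertised by Synapse below use
    # "transport=udp" on 3478, so the port has to be reachable over UDP as
    # well as TCP or UDP TURN never connects.  5349/5350 are kept from the
    # original (presumably intended for coturn's TLS listening ports, which are
    # unused while no-tls/no-dtls are set below).
    allowedUDPPorts = [ 3478 3479 5349 5350 ];
    # 22 ssh, 80/443 nginx + ACME challenges, 3478/3479 TURN over TCP.
    allowedTCPPorts = [ 22 80 443 3478 3479 ];
    # Relay ports: coturn allocates a relayed address in the min-port..max-port
    # range set under services.coturn and the remote peer sends media straight
    # to it, so the whole range must be open; keep the two in sync.
    allowedUDPPortRanges = [ { from = 49152; to = 65535; } ];
  };

  services.nginx = {
    enable = true;
    virtualHosts = {

      # Client and federation API, TLS terminated here and proxied to the plain
      # HTTP Synapse listener on 8008.
      "matrix.this.site" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://localhost:8008";
        };
      };

      # Static riot-web client; pkgs.riot-web is the overridden build above.
      "riot.this.site" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          root = pkgs.riot-web;
        };
      };

      # "jitsi.this.site" = {
      #   enableACME = true;
      #   forceSSL = true;
      # };
    };

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
  };

  services.matrix-synapse = {
    enable = true;
    server_name = "this.site";
    enable_metrics = true;
    # Anyone who can reach the client API may create accounts.  Open
    # registration on a federating homeserver attracts spam/abuse sign-ups;
    # keep it only for initial onboarding, or gate it, in a real deployment.
    enable_registration = true;
    database_type = "psycopg2";

    database_args = {
      # Must match the password in the PostgreSQL initialScript below.
      # NOTE(review): the generated homeserver.yaml presumably lands in the Nix
      # store, which is world-readable on the host, so this password and
      # turn_shared_secret are visible to every local user — confirm, and move
      # them to an out-of-store secret file for anything but a throwaway box.
      password = "synapse";
    };

    listeners = [
      {
        # Plain HTTP; TLS is terminated by the matrix.this.site vhost above.
        # The bind address is left at the module default — presumably loopback
        # only; verify, since "federation" is served here without TLS.
        port = 8008;
        tls = false;
        resources = [
          {
            compress = true;
            names = ["client" "webclient" "federation"];
          }
        ];
      }
    ];

    # Plain (non-TLS) turn: URIs, consistent with coturn's no-tls/no-dtls below.
    turn_uris = [
      "turn:turn.this.site:3478?transport=udp"
      "turn:turn.this.site:3478?transport=tcp"
    ];
    # Must be byte-identical to services.coturn.static-auth-secret: Synapse
    # derives time-limited TURN credentials from it and coturn verifies them.
    turn_shared_secret = "redacted";
  };

  services.postgresql = {
    enable = true;

    # Role/database for Synapse.  The password must match
    # services.matrix-synapse.database_args.password; Synapse requires a
    # database with "C" collation, hence template0 + LC_COLLATE/LC_CTYPE.
    # This script only runs on first cluster initialisation.
    initialScript = pkgs.writeText "synapse-init.sql" ''
      CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
      CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
        TEMPLATE template0
        LC_COLLATE = "C"
        LC_CTYPE = "C";
    '';
  };

  # services.jitsi-meet = {
  #   enable = true;
  #   hostName = "jitsi.this.site";
  #   videobridge.openFirewall = true;
  # };

  services.coturn = {
    enable = true;
    # TURN REST API credentials: Synapse mints short-lived user/password pairs
    # from the shared secret instead of coturn keeping a static user list.
    use-auth-secret = true;
    # XXX: nix-shell -p pwgen --command "pwgen -s 64 1"
    # Must equal services.matrix-synapse.turn_shared_secret above.
    static-auth-secret = "redacted";
    realm = "turn.this.site";
    no-tcp-relay = true;
    # TURN over TLS/DTLS is disabled, matching the plain turn: URIs above; the
    # control channel to the relay is therefore unencrypted in transit.
    no-tls = true;
    no-dtls = true;
    # Relay port range, stated explicitly so it provably matches
    # networking.firewall.allowedUDPPortRanges above.
    min-port = 49152;
    max-port = 65535;
    # An authenticated client can ask the relay to reach any peer address, so
    # the relay is forbidden from talking to the server's own private networks.
    # Loopback and link-local were missing from the original RFC 1918 list and
    # are added here; per coturn's documentation allowed-peer-ip takes
    # precedence over denied-peer-ip, so the single allowed host still works.
    extraConfig = ''
      user-quota=12
      total-quota=1200
      denied-peer-ip=10.0.0.0-10.255.255.255
      denied-peer-ip=192.168.0.0-192.168.255.255
      denied-peer-ip=172.16.0.0-172.31.255.255
      denied-peer-ip=127.0.0.0-127.255.255.255
      denied-peer-ip=169.254.0.0-169.254.255.255
      allowed-peer-ip=192.168.123.123
    '';
  };

  # NOTE(review): this address looks scrubbed by the page export — replace it
  # with a real contact address before enabling ACME.
  security.acme.email = "[email protected]";
  security.acme.acceptTerms = true;
}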