hippocampus: matrix client/server prep

machines/hippocampus/servers/public/matrix.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  imports = [
+    ./matrix/server.nix
+    ./matrix/client.nix
+  ];
+}

machines/hippocampus/servers/public/matrix/client.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }: {
+  services.nginx.virtualHosts.cinny = {
+    listen = {
+      addr = "unix:/run/cinny.sock";
+    };
+    locations."/" = {
+      root = pkgs.cinny;
+      extraConfig = ''
+        rewrite ^/config.json$ /config.json break;
+        rewrite ^/manifest.json$ /manifest.json break;
+
+        rewrite ^/sw.js$ /sw.js break;
+        rewrite ^/pdf.worker.min.js$ /pdf.worker.min.js break;
+
+        rewrite ^/public/(.*)$ /public/$1 break;
+        rewrite ^/assets/(.*)$ /assets/$1 break;
+
+        rewrite ^(.+)$ /index.html break;
+      '';
+    };
+  };
+  services.caddy.virtualHosts = {
+    "glia.club" = {
+      extraConfig = ''
+        reverse_proxy unix//run/cinny.sock
+      '';           
+    };
+
+    "chat.glia.club" = {
+      extraConfig = ''
+        reverse_proxy unix//run/cinny.sock
+      '';
+    };
+  };
+
+}

machines/hippocampus/servers/public/matrix/server.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }: {
+  services.matrix-tuwunel = {
+    enable = true;
+    stateDirectory = "tuwunel";
+    # Must be equal to whatever reverse proxy is used for the unix
+    # socket path to work
+    group = config.services.caddy.group;
+    settings = {
+      global = {
+        address = null;
+        unix_socket_path = "/run/tuwunel/tuwunel.sock";
+        server_name = "glia.club";
+        allow_federation = false;
+        allow_encryption = true;
+      };
+    };
+  };
+  services.caddy.virtualHosts = {
+    "glia.club, glia.club:8448" = {
+      extraConfig = let
+        proxy = "unix/${config.services.matrix-tuwunel.settings.global.unix_socket_path}";
+      in ''
+        reverse_proxy /_matrix/* ${proxy}
+        reverse_proxy /_tuwunel/* ${proxy}
+        reverse_proxy /.well-known/matrix/client ${proxy}
+        reverse_proxy /.well-known/matrix/server ${proxy}
+        reverse_proxy /.well-known/matrix/support ${proxy}
+      '';           
+    };
+  };
+}