# NixOS module: a tuwunel Matrix homeserver for glia.club that is reached
# only through Caddy, over a unix domain socket.
{ config, pkgs, lib, ... }:
let
  tuwunel = config.services.matrix-tuwunel;

  # Caddy upstream in "unix/<path>" form. It is derived from the socket path
  # set below, so the proxy target and the listener cannot drift apart.
  upstream = "unix/${tuwunel.settings.global.unix_socket_path}";
in
{
  # Registration token managed by sops-nix. Ownership goes to the service
  # user so that the homeserver process is able to read the secret file.
  sops.secrets.tuwunelreg.owner = tuwunel.user;

  services.matrix-tuwunel = {
    enable = true;
    stateDirectory = "tuwunel";

    # The service group has to match the group of whichever reverse proxy
    # is in front, otherwise the proxy cannot use the unix socket.
    group = config.services.caddy.group;

    settings.global = {
      # NOTE(review): null presumably turns off the TCP listener so that
      # only the unix socket is served - confirm against the module options.
      address = null;
      unix_socket_path = "/run/tuwunel/tuwunel.sock";
      server_name = "glia.club";
      allow_federation = false;
      allow_encryption = true;

      new_user_displayname_suffix = "🌱";

      # Registration is enabled, with the token supplied as a path to the
      # sops-managed file, which keeps the token value out of the
      # world-readable Nix store.
      allow_registration = true;
      registration_token_file = config.sops.secrets.tuwunelreg.path;
    };
  };

  # NOTE(review): allow_federation is false above, yet this vhost also
  # listens on :8448 and serves /.well-known/matrix/server - confirm that
  # this exposure is intended.
  services.caddy.virtualHosts."glia.club, glia.club:8448".extraConfig = ''
    reverse_proxy /_matrix/* ${upstream}
    reverse_proxy /_tuwunel/* ${upstream}
    reverse_proxy /.well-known/matrix/client ${upstream}
    reverse_proxy /.well-known/matrix/server ${upstream}
    reverse_proxy /.well-known/matrix/support ${upstream}
  '';
}