2022-06-10 20:50:07 +00:00
|
|
|
{ pkgs, config, lib, ... }:
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.cloud.conduit;
|
2023-04-04 09:29:56 +00:00
|
|
|
|
|
|
|
defaultConfig = {
|
|
|
|
global = {
|
|
|
|
# Must be filled
|
|
|
|
# server_name = "";
|
|
|
|
# Must be filled
|
|
|
|
# port = "";
|
|
|
|
max_request_size = 20000000;
|
|
|
|
allow_registration = false;
|
|
|
|
allow_encryption = true;
|
|
|
|
allow_federation = true;
|
|
|
|
trusted_servers = [ "matrix.org" ];
|
|
|
|
address = "::1";
|
|
|
|
# Must be filled
|
|
|
|
# database_path = "";
|
|
|
|
database_backend = "rocksdb";
|
|
|
|
};
|
|
|
|
};
|
2022-06-10 20:50:07 +00:00
|
|
|
in
|
|
|
|
with lib;
|
|
|
|
{
|
2023-03-31 14:48:33 +00:00
|
|
|
imports = [ ./heisenbridge.nix ];
|
2022-06-10 20:50:07 +00:00
|
|
|
options.cloud.conduit = {
|
|
|
|
enable = mkEnableOption "Enable the conduit server";
|
|
|
|
|
2022-07-05 16:51:33 +00:00
|
|
|
package = mkOption {
|
|
|
|
type = types.package;
|
|
|
|
default = pkgs.matrix-conduit;
|
|
|
|
};
|
|
|
|
|
2023-04-04 09:29:56 +00:00
|
|
|
instances = mkOption {
|
|
|
|
type = types.attrsOf (types.submodule {
|
|
|
|
options = {
|
|
|
|
host = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
server_name = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
default = "";
|
|
|
|
};
|
|
|
|
port = mkOption {
|
|
|
|
type = types.int;
|
|
|
|
};
|
2023-09-03 18:51:52 +00:00
|
|
|
noCloudflare = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
};
|
2023-04-04 09:29:56 +00:00
|
|
|
allow_registration = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
};
|
|
|
|
well-known_port = mkOption {
|
|
|
|
type = types.int;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
});
|
2022-06-10 21:37:19 +00:00
|
|
|
};
|
2022-06-10 20:50:07 +00:00
|
|
|
};
|
|
|
|
|
2023-04-04 09:29:56 +00:00
|
|
|
config.systemd.services = mkIf cfg.enable
|
|
|
|
(lib.attrsets.mapAttrs'
|
|
|
|
(name: instance: lib.attrsets.nameValuePair "matrix-conduit-${name}"
|
|
|
|
(
|
|
|
|
let
|
|
|
|
srvName = "matrix-conduit-${name}";
|
|
|
|
format = pkgs.formats.toml { };
|
|
|
|
server_name = if instance.server_name == "" then instance.host else instance.server_name;
|
|
|
|
configFile = format.generate "conduit.toml" (lib.attrsets.recursiveUpdate defaultConfig {
|
|
|
|
global.server_name = server_name;
|
|
|
|
global.port = instance.port;
|
|
|
|
global.allow_registration = instance.allow_registration;
|
2024-01-26 12:44:46 +00:00
|
|
|
global.database_path = "/mnt/data/${srvName}/";
|
2024-10-07 20:53:57 +00:00
|
|
|
global.well_known_client = "https://${instance.host}";
|
|
|
|
global.well_known_server = "${instance.host}:443";
|
2023-04-04 09:29:56 +00:00
|
|
|
});
|
|
|
|
in
|
|
|
|
{
|
|
|
|
description = "Conduit Matrix Server (for ${server_name})";
|
|
|
|
documentation = [ "https://gitlab.com/famedly/conduit/" ];
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
environment = { CONDUIT_CONFIG = configFile; };
|
|
|
|
serviceConfig = {
|
|
|
|
DynamicUser = true;
|
|
|
|
User = "${srvName}";
|
|
|
|
LockPersonality = true;
|
|
|
|
MemoryDenyWriteExecute = true;
|
|
|
|
ProtectClock = true;
|
|
|
|
ProtectControlGroups = true;
|
|
|
|
ProtectHostname = true;
|
|
|
|
ProtectKernelLogs = true;
|
|
|
|
ProtectKernelModules = true;
|
|
|
|
ProtectKernelTunables = true;
|
|
|
|
PrivateDevices = true;
|
|
|
|
PrivateMounts = true;
|
|
|
|
PrivateUsers = true;
|
|
|
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
|
|
RestrictNamespaces = true;
|
|
|
|
RestrictRealtime = true;
|
|
|
|
SystemCallArchitectures = "native";
|
|
|
|
SystemCallFilter = [
|
|
|
|
"@system-service"
|
|
|
|
"~@privileged"
|
|
|
|
];
|
2024-04-25 18:05:03 +00:00
|
|
|
# StateDirectory = "/mnt/data/${srvName}";
|
2024-01-26 12:44:46 +00:00
|
|
|
BindPaths = [ "/mnt/data/${srvName}" ];
|
2023-04-04 09:29:56 +00:00
|
|
|
ExecStart = "${cfg.package}/bin/conduit";
|
|
|
|
Restart = "on-failure";
|
|
|
|
RestartSec = 10;
|
|
|
|
StartLimitBurst = 5;
|
|
|
|
};
|
|
|
|
}
|
|
|
|
))
|
|
|
|
cfg.instances);
|
2022-06-10 20:50:07 +00:00
|
|
|
|
2023-04-04 09:29:56 +00:00
|
|
|
config.cloud.traefik.hosts = mkIf cfg.enable (
|
|
|
|
(lib.attrsets.mapAttrs'
|
|
|
|
(name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
|
2023-09-03 18:51:52 +00:00
|
|
|
inherit (instance) host port noCloudflare;
|
2023-04-04 09:29:56 +00:00
|
|
|
}))
|
|
|
|
cfg.instances)
|
|
|
|
);
|
2022-06-10 20:50:07 +00:00
|
|
|
}
|
|
|
|
|