diff --git a/flake.lock b/flake.lock
index 33ccfb1..5168e5f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -55,16 +55,16 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1718214198, - "narHash": "sha256-/qKPeE2Ptweaf+rHOvdW0TUDLwN9D93MMgDoU4fTzEA=", + "lastModified": 1728224242, + "narHash": "sha256-mQLfRAun2G/LDnw3jyFGJbOqpxh2PL8IGzFELRfAgAI=", "owner": "famedly", "repo": "conduit", - "rev": "7a5b8930134cf7ea5ff9880e6fa468b2b3e05c98", + "rev": "f8d7ef04e664580e882bac852877b68e7bd3ab1e", "type": "gitlab" }, "original": { "owner": "famedly", - "ref": "v0.8.0", + "ref": "v0.9.0", "repo": "conduit", "type": "gitlab" }
diff --git a/flake.nix b/flake.nix
index 183de09..e68e428 100644
--- a/flake.nix
+++ b/flake.nix
@@ -47,7 +47,7 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 dtth-phanpy.url = "git+ssh://gitea@git.dtth.ch/nki/phanpy?ref=dtth-fork";
- conduit.url = "gitlab:famedly/conduit/v0.8.0";
+ conduit.url = "gitlab:famedly/conduit/v0.9.0";
 nix-gaming.url = github:fufexan/nix-gaming;
 # --- Sources
diff --git a/modules/cloud/conduit/default.nix b/modules/cloud/conduit/default.nix
index 08fe655..c4ad7cd 100644
--- a/modules/cloud/conduit/default.nix
+++ b/modules/cloud/conduit/default.nix
@@ -74,6 +74,8 @@ with lib;
 global.port = instance.port;
 global.allow_registration = instance.allow_registration;
 global.database_path = "/mnt/data/${srvName}/";
+ global.well_known_client = "https://${instance.host}";
+ global.well_known_server = "${instance.host}:443";
 });
 in
 {
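Review bot: The new `global.well_known_client` / `global.well_known_server` values are only reachable through the `conduit-${name}` traefik entry, which is built from `instance.host`, because the next hunk removes the `conduit-${name}-well-known` entry that matched `/.well-known` on `instance.server_name`. If an instance still sets a `server_name` different from `host`, discovery on that name would presumably stop resolving, and the removed comment notes port 8448 is not usable behind Cloudflare as a fallback. Consider keeping that traefik entry with `port = instance.port;` instead of `instance.well-known_port`, or asserting that `server_name` is empty or equal to `host`. The removed client document also carried `"org.matrix.msc3575.proxy".url` and an explicit `Access-Control-Allow-Origin` header, so it is worth confirming that the built-in endpoint serves what clients need. The settings attrset this hunk extends starts outside the hunk.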
@@ -114,61 +116,12 @@ with lib;
 ))
 cfg.instances);
- # Serving .well-known files
- # This is a single .well-known/matrix/server file that points to the server,
- # which is NOT on port 8448 since Cloudflare doesn't allow us to route HTTPS
- # through that port.
- config.services.nginx = mkIf cfg.enable
- {
- enable = true;
- virtualHosts = lib.attrsets.mapAttrs'
- (name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" {
- listen = [{ addr = "127.0.0.1"; port = instance.well-known_port; }];
- # Check https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md
- # for the file structure.
- root = pkgs.symlinkJoin
- {
- name = "well-known-files-for-conduit-${name}";
- paths = [
- (pkgs.writeTextDir ".well-known/matrix/client" (builtins.toJSON {
- "m.homeserver".base_url = "https://${instance.host}";
- "org.matrix.msc3575.proxy".url = "https://${instance.host}";
- }))
- (pkgs.writeTextDir ".well-known/matrix/server" (builtins.toJSON {
- "m.server" = "${instance.host}:443";
- }))
- ];
- };
- extraConfig =
- # Enable CORS from anywhere since we want all clients to find us out
- ''
- add_header 'Access-Control-Allow-Origin' "*";
- '' +
- # Force returning values to be JSON data
- ''
- default_type application/json;
- '';
- })
- cfg.instances;
- };
-
 config.cloud.traefik.hosts = mkIf cfg.enable
 (
 (lib.attrsets.mapAttrs'
 (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
 inherit (instance) host port noCloudflare;
 }))
 cfg.instances)
- // (lib.attrsets.mapAttrs'
- (name: instance: lib.attrsets.nameValuePair "conduit-${name}-well-known" (
- let
- server_name = if instance.server_name == "" then instance.host else instance.server_name;
- in
- {
- port = instance.well-known_port;
- filter = "Host(`${server_name}`) && PathPrefix(`/.well-known`)";
- }
- ))
- cfg.instances)
 );
 }