[matrix] Got Blazestar.net working, but federation and cross-server joining isn't quite right.

2025-06-25 15:49:25 -07:00
parent b1510c3670
commit 1dc7d7b355
4 changed files with 91 additions and 18 deletions
--- a/system/hosts/mcp/containers/blazestar.net/chat.nix
+++ b/system/hosts/mcp/containers/blazestar.net/chat.nix
@@ -1,31 +1,102 @@
 { config, ... }:
 let
  inherit (import ../lib.nix config) mkContainer blazestar;
+  matrixHost = "matrix";
+  serviceName = "matrix-blazestar-net";
+  dbPath = "/var/lib/matrix";
+  port = 8448;
 in
 {
-  virtualisation.oci-containers.containers.chat-blazestar-net = mkContainer {
-    image = "ghcr.io/matrix-construct/tuwunel";
-    hostName = "chat";
-    domain = blazestar;
-    port = 6167;
+  sops.secrets = {
+    "matrix/blazestar-registration-token" = {
+      restartUnits = [ "${config.local.container-backend}-matrix-blazestar-net.service" ];
+    };
+  };
+
+  sops.templates."matrix-blazestar-net.env".content = ''
+    TUWUNEL_REGISTRATION_TOKEN=${config.sops.placeholder."matrix/blazestar-registration-token"}
+  '';
+
+  virtualisation.oci-containers.containers."${serviceName}" = {
+    # The 1.1.0 version has an issue with the compression being incorrectly tagged.
+    # See: https://github.com/matrix-construct/tuwunel/issues/79
+    image = "ghcr.io/matrix-construct/tuwunel:v1.0.0-release-all-x86_64-linux-gnu";
+    autoStart = true;
+    hostname = "${matrixHost}.${blazestar}";
    volumes = [
-      "chat-blazestar-net-db:/var/lib/tuwunel"
+      "matrix-blazestar-net-db:${dbPath}"
    ];
    environment = {
-      TUWUNEL_PORT = "6167";
+      TUWUNEL_PORT = toString port;
+      TUWUNEL_ADDRESS = "0.0.0.0"; # It'll bind to localhost by default with Podman
      TUWUNEL_SERVER_NAME = "blazestar.net";
-      TUWUNEL_ALLOW_REGISTRATION = "false";
+      TUWUNEL_ALLOW_REGISTRATION = "true";
      TUWUNEL_ALLOW_CHECK_FOR_UPDATES = "true";
      TUWUNEL_ALLOW_FEDERATION = "true";
+      TUWUNEL_DATABASE_BACKEND = "rocksdb";
+      TUWUNEL_DATABASE_PATH = dbPath;
      TUWUNEL_WELL_KNOWN = ''
-        client=https://chat.blazestar.net,
-        server:chat.blazestar.net:443
+        {
+          client=https://${matrixHost}.blazestar.net,
+          server=${matrixHost}.blazestar.net:443
+        }
      '';
+      TUWUNEL_TRUSTED_SERVERS = ''["matrix.org", "chat.havenisms.com"]'';
    };
-    extraLabels = {
-      "traefik.http.routers.chat-blazestar-net-well-known.rule" =
-        "Host(`blazestar.net`) && PathPrefix(`.well-known`)";
-      "traefik.http.services.chat-blazestar-net-well-known.loadbalancer.server.port" = "6167";
+    environmentFiles = [
+      config.sops.templates."matrix-blazestar-net.env".path
+    ];
+    labels = {
+      "traefik.enable" = "true";
+      "traefik.http.routers.${serviceName}.rule" = "Host(`${matrixHost}.${blazestar}`)";
+      "traefik.http.services.${serviceName}.loadbalancer.server.port" = "${toString port}";
+
+      # Redirect well-known requests to this host.
+      "traefik.http.routers.${matrixHost}-blazestar-net-well-known.rule" =
+        "Host(`blazestar.net`) && PathPrefix(`/.well-known/matrix`)";
+      "traefik.http.routers.${matrixHost}-blazestar-net-well-known.service" = serviceName;
+    };
+  };
+  # virtualisation.oci-containers.containers.matrix-blazestar-net =
+  #   mkContainer {
+  #     image = "registry.gitlab.com/famedly/conduit/matrix-conduit:latest";
+  #     hostName = hostname;
+  #     domain = blazestar;
+  #     port = port;
+  #     ports = [
+  #       "8449:6167"
+  #     ];
+  #     volumes = [
+  #       "chat-blazestar-net-db:${dbPath}"
+  #     ];
+  #     environment = {
+  #       CONDUIT_PORT = "6167";
+  #       CONDUIT_SERVER_NAME = "blazestar.net";
+  #       CONDUIT_ALLOW_REGISTRATION = "true";
+  #       CONDUIT_DATABASE_BACKEND = "rocksdb";
+  #       CONDUIT_DATABASE_PATH = dbPath;
+  #       CONDUIT_ALLOW_CHECK_FOR_UPDATES = "true";
+  #       CONDUIT_ALLOW_FEDERATION = "true";
+  #       CONDUIT_MAX_REQUEST_SIZE = "20000000";
+  #       CONDUIT_TRUSTED_SERVERS = "[\"matrix.org\"]";
+  #       CONDUIT_MAX_CONCURRENT_REQUESTS = "100";
+  #       CONDUIT_WELL_KNOWN_CLIENT = "https://${hostname}.blazestar.net";
+  #       CONDUIT_WELL_KNOWN_SERVER = "${hostname}.blazestar.net:443";
+  #       CONDUIT_CONFIG = ""; # Ignore the config file
+  #     };
+  #     extraLabels = {
+  #       "traefik.http.routers.${hostname}-blazestar-net-well-known.rule" =
+  #         "Host(`blazestar.net`) && PathPrefix(`/.well-known`)";
+  #       "traefik.http.routers.${hostname}-blazestar-net-well-known.service" = "${hostname}-blazestar-net";
+  #     };
+  #   };
+  virtualisation.oci-containers.containers.chat = mkContainer {
+    image = "vectorim/element-web:latest";
+    hostName = "chat";
+    port = 8080;
+    domain = blazestar;
+    environment = {
+      ELEMENT_WEB_PORT = "8080";
    };
  };
 }
--- a/system/hosts/mcp/containers/havenisms.com/chat.nix
+++ b/system/hosts/mcp/containers/havenisms.com/chat.nix
@@ -31,6 +31,7 @@ in
      dependsOn = [
        "db"
      ];
+
      volumes = [
        "/tank/config/synapse/data:/data"
      ];
--- a/system/hosts/mcp/containers/media-system.nix
+++ b/system/hosts/mcp/containers/media-system.nix
@@ -40,7 +40,7 @@ in
      # };
    };
    deluge = {
-      image = "linuxserver/deluge:latest";
+      image = "lscr.io/linuxserver/deluge:latest";
      autoStart = true;
      dependsOn = [
        "gluetun"
@@ -62,7 +62,7 @@ in
      ];
    };
    qbittorrent = {
-      image = "linuxserver/qbittorrent:latest";
+      image = "lscr.io/linuxserver/qbittorrent:latest";
      autoStart = true;
      dependsOn = [
        "gluetun"