{ config, ... }:
let
  inherit (import ../lib.nix config) mkContainer blazestar;

  # Subdomain the homeserver is served on (matrix.<domain>).
  matrixSubdomain = "matrix";
  # Container and Traefik service name. Intentionally differs from the
  # hostname so it cannot collide with the havenisms.com server's router.
  containerName = "matrix-blazestar-net";
  # Database directory inside the container; persisted via a named volume.
  dataDir = "/var/lib/matrix";
  # Port tuwunel listens on inside the container.
  listenPort = 8448;
in
{
  # The registration token is a sops-managed secret; restart the container
  # whenever the secret is re-rendered so the new value is picked up.
  sops.secrets."matrix/blazestar-registration-token".restartUnits = [
    "${config.local.container-backend}-${containerName}.service"
  ];

  # Rendered env file that carries only the secret; everything else is set
  # as plain environment below so it stays reviewable in the Nix store.
  sops.templates."${containerName}.env".content = ''
    TUWUNEL_REGISTRATION_TOKEN=${config.sops.placeholder."matrix/blazestar-registration-token"}
  '';

  # Defined by hand rather than through mkContainer so the Traefik service
  # name can be chosen independently of the hostname.
  virtualisation.oci-containers.containers.${containerName} = {
    # Pinned to 1.0.0: the 1.1.0 image has its compression incorrectly tagged.
    # See: https://github.com/matrix-construct/tuwunel/issues/79
    image = "ghcr.io/matrix-construct/tuwunel:v1.0.0-release-all-x86_64-linux-gnu";
    autoStart = true;

    volumes = [ "${containerName}-db:${dataDir}" ];

    environment = {
      TUWUNEL_PORT = toString listenPort;
      # Podman binds to localhost by default; listen on all container
      # interfaces so Traefik can reach it.
      TUWUNEL_ADDRESS = "0.0.0.0";
      TUWUNEL_SERVER_NAME = "blazestar.net";

      # Registration stays enabled but is meant to be gated by the
      # TUWUNEL_REGISTRATION_TOKEN delivered through environmentFiles below.
      TUWUNEL_ALLOW_REGISTRATION = "true";
      TUWUNEL_ALLOW_CHECK_FOR_UPDATES = "true";
      TUWUNEL_ALLOW_FEDERATION = "true";

      TUWUNEL_DATABASE_BACKEND = "rocksdb";
      TUWUNEL_DATABASE_PATH = dataDir;

      # Well-known document advertised for clients and federating servers.
      TUWUNEL_WELL_KNOWN = ''
        {
          client=https://${matrixSubdomain}.blazestar.net,
          server=${matrixSubdomain}.blazestar.net:443
        }
      '';
      # Passed through verbatim; presumably the servers trusted for key
      # lookups during federation — confirm against the tuwunel docs.
      TUWUNEL_TRUSTED_SERVERS = ''["matrix.org", "chat.havenisms.com"]'';
    };

    environmentFiles = [ config.sops.templates."${containerName}.env".path ];

    labels = {
      "traefik.enable" = "true";
      "traefik.http.routers.${containerName}.rule" =
        "Host(`${matrixSubdomain}.${blazestar}`)";
      "traefik.http.services.${containerName}.loadbalancer.server.port" =
        toString listenPort;

      # Route /.well-known/matrix requests on the apex domain to this
      # homeserver so delegation resolves to matrix.<domain>.
      "traefik.http.routers.${matrixSubdomain}-blazestar-net-well-known.rule" =
        "Host(`blazestar.net`) && PathPrefix(`/.well-known/matrix`)";
      "traefik.http.routers.${matrixSubdomain}-blazestar-net-well-known.service" =
        containerName;
    };
  };

  # Previous conduit-based deployment, kept for reference only:
  # virtualisation.oci-containers.containers.matrix-blazestar-net =
  #   mkContainer {
  #     image = "registry.gitlab.com/famedly/conduit/matrix-conduit:latest";
  #     hostName = hostname;
  #     domain = blazestar;
  #     port = port;
  #     ports = [ "8449:6167" ];
  #     volumes = [ "chat-blazestar-net-db:${dbPath}" ];
  #     environment = {
  #       CONDUIT_PORT = "6167";
  #       CONDUIT_SERVER_NAME = "blazestar.net";
  #       CONDUIT_ALLOW_REGISTRATION = "true";
  #       CONDUIT_DATABASE_BACKEND = "rocksdb";
  #       CONDUIT_DATABASE_PATH = dbPath;
  #       CONDUIT_ALLOW_CHECK_FOR_UPDATES = "true";
  #       CONDUIT_ALLOW_FEDERATION = "true";
  #       CONDUIT_MAX_REQUEST_SIZE = "20000000";
  #       CONDUIT_TRUSTED_SERVERS = "[\"matrix.org\"]";
  #       CONDUIT_MAX_CONCURRENT_REQUESTS = "100";
  #       CONDUIT_WELL_KNOWN_CLIENT = "https://${hostname}.blazestar.net";
  #       CONDUIT_WELL_KNOWN_SERVER = "${hostname}.blazestar.net:443";
  #       CONDUIT_CONFIG = ""; # Ignore the config file
  #     };
  #     extraLabels = {
  #       "traefik.http.routers.${hostname}-blazestar-net-well-known.rule" =
  #         "Host(`blazestar.net`) && PathPrefix(`/.well-known`)";
  #       "traefik.http.routers.${hostname}-blazestar-net-well-known.service" =
  #         "${hostname}-blazestar-net";
  #     };
  #   };

  # Element web client on chat.<domain>.
  virtualisation.oci-containers.containers.chat = mkContainer {
    # NOTE(review): floating tag — updates land whenever the image is pulled;
    # pin a version or digest so upgrades are deliberate and reviewable.
    image = "vectorim/element-web:latest";
    hostName = "chat";
    port = 8080;
    domain = blazestar;
    environment.ELEMENT_WEB_PORT = "8080";
  };
}