61 lines
2.0 KiB
Nix
61 lines
2.0 KiB
Nix
{ config, ... }:
|
|
let inherit (import ./lib.nix config) hostRule havenisms;
|
|
syncRule = "(PathPrefix(`/client/`) || PathPrefix(`/_matrix/client/unstable/org.matrix.msc3575/sync`))";
|
|
wellKnownRule = "PathPrefix(`/.well-known`)";
|
|
in
|
|
{
|
|
virtualisation.oci-containers.containers = {
|
|
synapse = {
|
|
image = "docker.io/matrixdotorg/synapse:latest";
|
|
autoStart = true;
|
|
dependsOn = [
|
|
"db"
|
|
];
|
|
volumes = [
|
|
"/tank/config/synapse/data:/data"
|
|
];
|
|
ports = [
|
|
"8008:8008/tcp"
|
|
];
|
|
extraOptions = [
|
|
"-l=traefik.enable=true"
|
|
"-l=traefik.http.routers.synapse.rule=${hostRule "chat" havenisms} && !(${syncRule} || ${wellKnownRule})"
|
|
"-l=traefik.http.services.synapse.loadbalancer.server.port=8008"
|
|
];
|
|
};
|
|
matrix_sliding_sync = {
|
|
image = "ghcr.io/matrix-org/sliding-sync:latest";
|
|
dependsOn = ["db"];
|
|
ports = [
|
|
"8009:8009"
|
|
];
|
|
environment = {
|
|
SYNCV3_SERVER = "http://synapse:8008";
|
|
# TODO: Store password securely
|
|
SYNCV3_DB = "postgres://syncv3:TZKr3RNmVx@db:5432/syncv3?sslmode=disable";
|
|
# TODO: Store secret securely
|
|
SYNCV3_SECRET = "4917590296b90910ec31ba355af6c7731409fd5f284d24912b852c3f928fa162";
|
|
SYNCV3_BINDADDR = ":8009";
|
|
};
|
|
extraOptions = [
|
|
"-l=traefik.enable=true"
|
|
"-l=traefik.http.routers.syncv3.rule=${hostRule "chat" havenisms} && ${syncRule}"
|
|
"-l=traefik.http.services.syncv3.loadbalancer.server.port=8009"
|
|
];
|
|
};
|
|
# This server helps to serve the .well-known files that are required by clients to find the sync server.
|
|
matrix_well_known = {
|
|
image = "nginx";
|
|
ports = [ "80" ];
|
|
volumes = [
|
|
"/tank/config/synapse/static-files:/usr/share/nginx/html:ro"
|
|
];
|
|
extraOptions = [
|
|
"-l=traefik.enable=true"
|
|
"-l=traefik.http.routers.matrix-static.rule=${hostRule "chat" havenisms} && ${wellKnownRule}"
|
|
"-l=traefik.http.services.matrix-static.loadbalancer.server.port=80"
|
|
];
|
|
};
|
|
};
|
|
}
|