preliminary matrix

2023-12-27 14:48:20 +00:00 · 2023-12-27 14:48:20 +00:00 · 8798d16239
commit 8798d16239
parent dccf6a5a67
1 changed files with 12 additions and 18 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -11,6 +11,8 @@ let

  gitea_host = "git.${root_host}";
  gitea_port = 8081;
+
+   matrix_host = "matrix.${root_host}";
 in {
  imports = [
    ./hardware-configuration.nix    
@ -18,6 +20,7 @@ in {

  services.postgresql = {
    enable = true;
+    # CREATE DATABASE synapse ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER synapse;
    ensureDatabases = [ "synapse" ];
    package = pkgs.postgresql_15;
    ensureUsers = [
@ -85,12 +88,10 @@ host    replication     all             ::1/128                 md5
          port = 5432;
          dbname = "synapse";
          user = "synapse";
-          cp_min = 5;
-          cp_max = 10;
+          cp_min = 10;
+          cp_max = 40;
          client_encoding = "auto";
          passfile = config.age.secrets.synapse_db_pass_prepared.path;
-#          password = "synapse";
-#          dbname = "synapse";
        };
      };
    };  
@ -123,8 +124,6 @@ host    replication     all             ::1/128                 md5
      group = "matrix-synapse";
      mode = "0600";
    };
-
-#    duckdns_token.file = ./secrets/duckdns_token.age;
  };

  users.users.grimmauld = {
@ -163,16 +162,6 @@ host    replication     all             ::1/128                 md5
    pypy3
  ];

-#  systemd.services = {
-#    dynamic-dns-updater = {
-#      path = [
-#        pkgs.curl
-#      ];
-#      script = ''curl "https://www.duckdns.org/update?domains=grimmauld&token=$(<${config.age.secrets.duckdns_token.path})&ip="'';
-#      startAt = "hourly";
-#    };
-#  };
-
  security.acme = {
    acceptTerms = true;
    defaults.email = root_email;
@ -191,7 +180,7 @@ host    replication     all             ::1/128                 md5

  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [ 80 443 puffer_sftp_port 25565 8448 ];
+    allowedTCPPorts = [ 80 443 puffer_sftp_port 25565 8448 8008 ];
    allowPing = true;
    allowedUDPPortRanges = [
 #      { from = 4000; to = 4007; }
@ -225,7 +214,12 @@ host    replication     all             ::1/128                 md5
    virtualHosts."${root_host}" = {
      forceSSL = true;
      useACMEHost = root_host;
+#      locations."/" = {
        root = "/var/www/grimmauld.duckdns.org";
+#      };
+#      locations."/.well-known/matrix/" = {
+#        root = "/var/www/grimmauld.duckdns.org/.well-known/matrix";
+#      };
    };

    virtualHosts."${puffer_host}" = {