diff options
Diffstat (limited to '')
| -rw-r--r-- | sys/web/sites/matrix.nix | 46 |
1 files changed, 16 insertions, 30 deletions
diff --git a/sys/web/sites/matrix.nix b/sys/web/sites/matrix.nix index ee2f773..5583b47 100644 --- a/sys/web/sites/matrix.nix +++ b/sys/web/sites/matrix.nix @@ -20,35 +20,21 @@ in sites.portal.enable = true; }; - services.nginx.virtualHosts = { - ${domains.exdev.main}.locations = - let - serverConfig."m.server" = "${domains.matrix.main}:443"; - clientConfig."m.homeserver".base_url = "https://${domains.matrix.main}"; - - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; - in - { - "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - }; - - ${domains.matrix.main} = { - forceSSL = true; - useACMEHost = domains.matrix.main; - - locations = - let - proxyLocation = - throwIf (hasSuffix "/" cfg.proxyUrl) - "matrix site: a trailing slash *must not* be used here" - cfg.proxyUrl; - in - { + services.nginx.virtualHosts = + let + proxyLocation = + throwIf (hasSuffix "/" cfg.proxyUrl) + "matrix site: a trailing slash *must not* be used here" + cfg.proxyUrl; + in + { + ${domains.exdev.main}.locations."/.well-known/matrix".proxyPass = proxyLocation; + + ${domains.matrix.main} = { + forceSSL = true; + useACMEHost = domains.matrix.main; + + locations = { "/".extraConfig = '' return 403; ''; @@ -60,7 +46,7 @@ in # Forward requests for e.g. SSO and password-resets. "/_synapse/client".proxyPass = proxyLocation; }; + }; }; - }; }; } |