fix: use synapse and nfty for matrix and federation

2026-02-23 23:01:26 -08:00 · 2026-02-23 23:01:26 -08:00 · 7795be78c5
commit 7795be78c5
parent 75a49c7516
7 changed files with 68 additions and 1 deletions
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -22,6 +22,11 @@
            header Content-Type "application/json"
            respond `{"m.homeserver": {"base_url": "https://matrix.extremist.software"}}`
          }
+          handle /.well-known/matrix/support {
+            header Access-Control-Allow-Origin "*"
+            header Content-Type "application/json"
+            respond `{"admins": [{"matrix_id": "@jet:extremist.software","role": "admin"}]}`
+          }
          handle {
            redir https://jetpham.com{uri}
          }
@ -59,6 +64,12 @@
        '';
      };

+      "ntfy.extremist.software" = {
+        extraConfig = ''
+          reverse_proxy localhost:2586
+        '';
+      };
+
      "matrix.extremist.software" = {
        extraConfig = ''
          reverse_proxy /_matrix/* 127.0.0.1:8008
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@ -23,7 +23,30 @@
        }
      ];
      
-      enable_registration = true;
+      enable_registration = false;
+      registration_shared_secret = "extremist_software_admin_creation";
+      macaroon_secret_key = config.mySecrets.matrixMacaroon;
+      database = {
+        name = "psycopg2";
+        allow_unsafe_locale = true;
+        args = {
+          user = "matrix-synapse";
+          database = "matrix-synapse";
+          host = "/run/postgresql";
+          cp_min = 5;
+          cp_max = 10;
+        };
+      };
    };
  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "matrix-synapse" ];
+    ensureUsers = [{
+      name = "matrix-synapse";
+      ensureDBOwnership = true;
+    }];
+  };
 }
+
--- a/modules/ntfy.nix
+++ b/modules/ntfy.nix
@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      base-url = "https://ntfy.extremist.software";
+      listen-http = ":2586";
+      behind-proxy = true;
+      auth-file = "/var/lib/ntfy-sh/user.db";
+      auth-default-access = "deny-all";
+      enable-login = true;
+      auth-users = [
+        "jet:${config.mySecrets.ntfyAdminHash}:admin"
+      ];
+      auth-access = [
+        "*:up*:write-only"
+      ];
+    };
+  };
+}