From e7f3e1ba7cc993623110d8c3f05ec2b7aeec19b2 Mon Sep 17 00:00:00 2001
From: Tristan <tristan@tristans.cloud>
Date: Sat, 17 Feb 2024 17:06:11 +0000
Subject: [PATCH] synapse proxy

---
 hardware/alpine.nix        |  1 +
 nixos/services/synapse.nix | 45 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 nixos/services/synapse.nix

diff --git a/hardware/alpine.nix b/hardware/alpine.nix
index 4d4df9c..b0c1803 100644
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@@ -16,6 +16,7 @@ in {
     ../nixos/services/mpd.nix
     ../nixos/services/prometheus.nix
     ../nixos/services/grafana.nix
+    ../nixos/services/synapse.nix
   ];
 
   boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
diff --git a/nixos/services/synapse.nix b/nixos/services/synapse.nix
new file mode 100644
index 0000000..976704a
--- /dev/null
+++ b/nixos/services/synapse.nix
@@ -0,0 +1,45 @@
+let
+  fqdn = "${hostname}.${domain}";
+  domain = "tristans.cloud";
+  hostname = "matrix";
+  mkWellKnown = data: ''
+    default_type application/json;
+    add_header Access-Control-Allow-Origin *;
+    return 200 '${builtins.toJSON data}';
+  '';
+in
+{
+  services.matrix-synapse = {
+    enable = false; # using podman for the moment
+  };
+  services.nginx.virtualHosts = {
+    ${domain} = {
+      locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
+        "m.server" = "${fqdn}:443";
+      };
+      locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
+        "m.homeserver".base_url = "https://${fqdn}";
+        "org.matrix.msc3575.proxy"."url" = "https://${fqdn}";
+      }; 
+      locations."= /.well-known/matrix/support".extraConfig = mkWellKnown {
+        admins = [{
+          matrix_id = "@tristan:tristans.cloud";
+          email_address = "tristan@tristans.cloud";
+          role = "admin";
+        }];
+      }; 
+      locations."/_matrix".proxyPass = "http://localhost:8008";
+      locations."/_synapse/client".proxyPass = "http://localhost:8008";
+      locations."/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass =
+        "http://localhost:8009";
+    };
+    ${fqdn} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/_matrix".proxyPass = "http://localhost:8008";
+      locations."/_synapse/client".proxyPass = "http://localhost:8008";
+      locations."/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass =
+        "http://localhost:8009";
+    };
+  };
+}