From bf94f7872a1df293bd904bbd2c1ef7229f4f98a8 Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Thu, 14 Dec 2023 20:54:57 +0100 Subject: Run Matrix services in OCI containers --- tw/system/lud.scm | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) (limited to 'tw/system/lud.scm') diff --git a/tw/system/lud.scm b/tw/system/lud.scm index a7fe67db..b4fa7729 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -1,6 +1,12 @@ (define-module (tw system lud) #:use-module (gnu) #:use-module (gnu bootloader grub) + #:use-module ((gnu services dbus) + #:select (dbus-root-service-type)) + #:use-module ((gnu services desktop) + #:select (elogind-service-type)) + #:use-module ((gnu services docker) + #:select (docker-service-type)) #:use-module (gnu system locale) #:use-module (gnu system nss) #:use-module (guix gexp) @@ -28,6 +34,11 @@ (define data-partition ; /dev/sdc1 (uuid "4715ae0e-5cef-48f2-a59e-025321153888" 'btrfs)) +(define matrix-config + (matrix-configuration + (server-name "twilken.net") + (domain "matrix.twilken.net"))) + (define-public %lud-system (operating-system (host-name "lud.twilken.net") 
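Review bot: The new `matrix-config` definition has no comment explaining how `server-name` and `domain` differ, and that difference is security-relevant. Judging by the `/.well-known` comment later in this patch, `server-name` is the identity part of user IDs and `domain` is the host that actually serves Matrix traffic; `matrix-configuration` is defined outside this diff, so that reading should be confirmed. If it holds, whoever controls the `twilken.net` vhost and its certificate controls where those identities are routed. I would add something like `;; server-name: identity in @user:twilken.net; domain: host serving Matrix, delegated to via /.well-known on the apex.` above the definition.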
@@ -232,6 +243,31 @@ innodb_buffer_pool_size = 1G innodb_io_capacity = 4000 "))) + (service docker-service-type) + (service dbus-root-service-type) ; required by `docker-service-type' + (service elogind-service-type) ; required by `docker-service-type' + + (service matrix-service-type matrix-config) + + (simple-service 'homepage/matrix-well-known nginx-service-type + (list (nginx-server-configuration + (listen '("443 ssl http2")) + (server-name '("twilken.net")) + (ssl-certificate "/etc/letsencrypt/live/twilken.net/fullchain.pem") + (ssl-certificate-key "/etc/letsencrypt/live/twilken.net/privkey.pem") + (server-tokens? #f) + (locations + ;; Handle /.well-known URLs, so that I can use @*:twilken.net usernames. + (cons* (nginx-location-configuration + (uri "/") + (body '("return 301 https://www.twilken.net$request_uri;"))) + (matrix-well-known-nginx-locations matrix-config)))))) + + (simple-service 'homepage-certificate certbot-service-type + (list (certificate-configuration + (domains '("twilken.net")) + (deploy-hook %nginx-cert-deploy-hook)))) + ;; TODO: JSON exporter (Nextcloud) ;; TODO: Syncthing exporter ;; TODO: Transmission exporter @@ -257,7 +293,6 @@ innodb_io_capacity = 4000 " --fstab --verbose"))))) %nextcloud-services - %matrix-services (server-base-services host-name))) ;; The list of user accounts ('root' is implicit). -- cgit v1.2.3
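Review bot: The `(service docker-service-type)` line in the hunk at -232 puts a root-privileged Docker daemon on this host, and nothing visible here shows how the Matrix containers publish their ports. Docker installs its own iptables rules for published ports, so a port published on all interfaces can be reachable from outside even when the host firewall appears closed. `matrix-service-type` is defined outside this diff, so please confirm there that container ports are bound to 127.0.0.1 with nginx as the only public front, and that images are pinned by digest rather than by a mutable tag. I would record the constraint next to the service, e.g. `;; Docker manages its own iptables rules: containers must publish on 127.0.0.1 only; nginx is the sole public entry point.`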