(define-module (tw services matrix)
#:use-module (gnu services)
#:use-module (gnu services certbot)
#:use-module (gnu services web)
#:use-module (tw services))
;; Services for the Matrix homeserver host: a certbot certificate for
;; matrix.twilken.net, plus an Apache/httpd virtual host that terminates TLS
;; on port 443 and forwards requests to a backend on the loopback interface.
;;
;; NOTE(review): the ProxyPass target in the virtual host is an https:// URL.
;; mod_proxy only speaks TLS to a backend when "SSLProxyEngine on" is in
;; effect, and no such directive is visible in this virtual host.  Confirm it
;; is set elsewhere in the httpd configuration, and decide how the backend
;; certificate on 127.0.0.1 is meant to be validated.
;; NOTE(review): ProxyPass "/" forwards every request path.  Once the Synapse
;; listener exists, check which resources it serves on this port and whether
;; all of them should be reachable from the internet.
(define-public %matrix-services
  (let ((certificate-service
         ;; Asks certbot for a certificate covering the Matrix domain.
         ;; %httpd-cert-deploy-hook is defined outside this file; presumably
         ;; it makes httpd pick up renewed certificates -- TODO confirm.
         (simple-service 'synapse-certificates certbot-service-type
                         (list (certificate-configuration
                                (domains '("matrix.twilken.net"))
                                (deploy-hook %httpd-cert-deploy-hook)))))
        (https-proxy-service
         ;; httpd is able to read the certbot-managed certificate and private
         ;; key while Synapse is not, so httpd terminates TLS for the public
         ;; name and passes requests on.  This also makes Synapse reachable on
         ;; the standard HTTPS port, so clients need no explicit port number.
         (simple-service 'synapse-https-proxy httpd-service-type
                         (list (httpd-virtualhost "*:443" (list "\
# Redirect to Synapse, to avoid having to specify its port number in Matrix clients.
ServerName matrix.twilken.net
SSLEngine on
SSLCertificateFile \"/etc/letsencrypt/live/matrix.twilken.net/fullchain.pem\"
SSLCertificateKeyFile \"/etc/letsencrypt/live/matrix.twilken.net/privkey.pem\"
ProxyPass \"/\" \"https://127.0.0.1:48448/\"
"))))))
    (list certificate-service
          https-proxy-service
          ;; TODO: Postgres for Synapse
          ;; (service postgresql-service-type
          ;;          (postgresql-configuration
          ;;           (postgresql postgresql-15)
          ;;           (data-directory "/var/lib/postgresql/data")))
          ;; (service postgresql-role-service-type
          ;;          (postgresql-role-configuration
          ;;           (roles (list (postgresql-role
          ;;                         (name "synapse") ; TODO
          ;;                         (create-database? #t))))))
          ;; TODO: Matrix/Synapse
          ;; TODO: Matrix bridges
          )))