jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

004-vps-migration #5

Merged
jawz merged 47 commits from 004-vps-migration into main 2026-02-06 09:20:18 -06:00
Conversation 0 Commits 47 Files Changed 38 +9 -11
1 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 2ef113bc0e - Show all commits

20
modules/servers/synapse.nix
View File

@@ -43,11 +43,6 @@ in
owner = "matrix-synapse";
group = "matrix-synapse";
};
"iqQCY4iAWO-ca/pem" = {
sopsFile = ../../secrets/certs.yaml;
owner = "nginx";
group = "nginx";
};
"matrix/key" = {
sopsFile = ../../secrets/certs.yaml;
owner = "matrix-synapse";
@@ -102,7 +97,15 @@ in
};
})
(lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
my.servers.synapse.useDefaultProxy = false;
sops.secrets."iqQCY4iAWO-ca/pem" = {
sopsFile = ../../secrets/certs.yaml;
owner = "nginx";
group = "nginx";
};
my.servers.synapse = {
useDefaultProxy = false;
certPath = config.sops.secrets."iqQCY4iAWO-ca/pem".path;
};
services.nginx.virtualHosts = {
"${cfgE.host}" = {
enableACME = true;
@@ -128,11 +131,6 @@ in
"/_matrix".proxyPass = "http://[${config.my.localhost6}]:${toString cfg.port}";
"/_synapse/client".proxyPass = "http://[${config.my.localhost6}]:${toString cfg.port}";
};
# extraConfig = ''
# ssl_verify_client on;
# ssl_client_certificate ${config.sops.secrets."iqQCY4iAWO-ca/pem".path};
# error_page 403 /403.html;
# '';
};
};
})