From e31455f02e81e11bf7b0385adb6b9b45fa07978c Mon Sep 17 00:00:00 2001
From: Marek Paśnikowski
Date: Fri, 20 Mar 2026 08:39:45 +0100
Subject: (deployment systems aisaka): implement initial reverse proxy for Matrix
---
 deployment/systems/aisaka.scm | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)
(limited to 'deployment/systems/aisaka.scm')
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 5174e61..6dab453 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -51,6 +51,8 @@
 #:prefix gnu:system:shadow:)
 #:use-module ((nongnu packages linux)
 #:prefix nongnu:packages:linux:)
+ #:use-module ((gnu packages matrix)
+ #:prefix gnu:packages:matrix:)
 #:use-module ((nongnu system linux-initrd)
 #:prefix nongnu:system:linux-initrd:)
 #:use-module ((sovereign devices)
@@ -99,6 +101,7 @@
 ("dkim._domainkey" ttl "IN" "TXT" "\"v=DKIM1; d=marekpasnikowski.pl; t=s; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/b/WV5EUxqAhBgJ4v5K3sP8QI+IwziRJ/F9SDO3p3QOMjZd9AGVt2/AztZ4EmcOJnTlbQnLE/DKCOq4HAdxSZjIqj5AXyMddvWiO78+ugdame/flV0tjdDGNflx65Twap3qgJ9jzhvJfZ1BDuh2WC06fn2pyFl1TCETEGp6ZDkI41FW5GH8l9Jk7hhCmr+Mau0EpE7V42lBdireItOA1e7jQcub50584QATme4rYxA7WR4AeIsknOkUo4q8vkVrssoP11nSg/sNM9RGn1QDfVMJRX0twtgGnJ8N5QE4Ia9DvXL4Y0PNMC0/frp13pB6m1VQP/Z4jfDy+TQzEdSRaQIDAQAB\"")
 ("git" ttl "IN" "CNAME" "www")
 ("guix" ttl "IN" "CNAME" "www")
+ ("matrix" ttl "IN" "CNAME" "www")
 ("radicale" ttl "IN" "CNAME" "www")
 ("schron" ttl "IN" "CNAME" "www")
 ("sejf" ttl "IN" "CNAME" "www")
@@ -110,7 +113,7 @@
 (origin "marekpasnikowski.pl")
 (ns "ns1.marekpasnikowski.pl.")
 (mail "marek.marekpasnikowski.pl.")
- (serial 2026031700)))
+ (serial 2026032000)))

 (define master-zone
 (gnu:services:dns:knot-zone-configuration
@@ -225,6 +228,14 @@
 "proxy_pass_header Authorization ;"))
 (uri "/")))

+(define nginx-location-proxy-matrix
+ (gnu:services:web:nginx-location-configuration
+ (body (list "proxy_pass http://localhost:8008 ;"
+ "proxy_set_header X-Forwarded-For $remote_addr ;"
+ "proxy_set_header X-Forwarded-Proto $scheme ;"
+ "proxy_set_header Host $host:$server_port ;"))
+ (uri "~ ^(/_matrix|/_synapse/client)")))
+
 (define nginx-location-proxy-radicale
 (gnu:services:web:nginx-location-configuration
 (body (list "proxy_pass http://localhost:8080/ ;"
@@ -264,9 +275,20 @@

 (define nginx-server-guix
 (gnu:services:web:nginx-server-configuration
- (locations (list nginx-location-proxy-guix))
- (listen (list "192.168.10.2:443 ssl"))
- (server-name (list "guix.marekpasnikowski.pl"))))
+ (locations (list nginx-location-proxy-guix))
+ (listen (list "192.168.10.2:443 ssl"))
+ (server-name (list "guix.marekpasnikowski.pl"))
+ (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")))
+
+(define nginx-server-matrix
+ (gnu:services:web:nginx-server-configuration
+ (locations (list nginx-location-proxy-matrix))
+ (listen (list "192.168.10.2:443 ssl"))
+ (root gnu:packages:matrix:synapse)
+ (server-name (list "matrix.marekpasnikowski.pl"))
+ (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")))

 (define nginx-server-portal
 (gnu:services:web:nginx-server-configuration
@@ -338,6 +360,7 @@
 (server-blocks (list nginx-server-portal
 nginx-server-www
 nginx-server-guix
+ nginx-server-matrix
 nginx-server-test
 nginx-server-schron
 nginx-server-sejf
@@ -378,6 +401,7 @@
 (domains (list "marekpasnikowski.pl"
 "git.marekpasnikowski.pl"
 "guix.marekpasnikowski.pl"
+ "matrix.marekpasnikowski.pl"
 "radicale.marekpasnikowski.pl"
 "schron.marekpasnikowski.pl"
 "sejf.marekpasnikowski.pl"
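Review bot: The location regex in `nginx-location-proxy-matrix` stops at `/_matrix` and `/_synapse/client`, which keeps `/_synapse/admin` off the public vhost, but the definition carries no comment saying that exclusion is deliberate. A line above `(uri ...)` such as `;; Only client and federation paths are proxied; /_synapse/admin must stay unreachable through nginx.` would keep a later edit from widening the pattern by accident. The `X-Forwarded-For` header set here is only useful if the Synapse listener on port 8008 is bound to loopback with `x_forwarded` enabled; that listener configuration is not part of this diff, so it should be checked when the service itself is added.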
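Review bot: `(root gnu:packages:matrix:synapse)` in `nginx-server-matrix` makes the Synapse package directory the document root, so a request to matrix.marekpasnikowski.pl that does not match the single proxied location would presumably be answered with static files from that store path. The store contents are not secret, but serving them lets any client read the exact installed version and file layout, which is unlikely to be intended for a vhost that only fronts the homeserver. Dropping the `root` field, or adding a catch-all location with `(uri "/")` and a body of `"return 404 ;"`, would limit the vhost to the proxied paths. The shared certificate referenced here only covers the new name once certbot has reissued it with the domain added in the `-378` hunk.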
@@ -684,6 +708,7 @@
 gnu:system:shadow:%base-groups))
 (packages (cons* sovereign:packages:jekyll:custom-jekyll
 gnu:packages:tls:openssl
+ gnu:packages:matrix:synapse
 gnu:system:%base-packages))
 (timezone "Europe/Warsaw")
 (locale sovereign:systems:pl-locale)
-- 
cgit v1.3