nixos-config/config/services/matrix-media-repo.nix

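{
  system,
  config,
  pkgs,
  lib,
  ...
}: let
  inherit (pkgs) matrix-media-repo;

  # Location of the rendered configuration inside the service's state
  # directory.  It is regenerated on every start by preStart below.
  configPath = "/var/lib/matrix-media-repo/config.yml";

  # Static part of the matrix-media-repo configuration.  The S3 credentials are
  # deliberately NOT written here: this derivation lands in the world-readable
  # Nix store, so they stay as placeholders that preStart fills in at runtime
  # from the sops-managed secret files.
  config-yml = pkgs.writeText "matrix-media-repo.yaml" (lib.generators.toYAML {} {
    repo = {
      # Only reachable through the Caddy reverse proxy configured below.
      bindAddress = "127.0.0.1";
      port = 8008;
      logDirectory = "-";
    };
    # Local PostgreSQL over its unix socket; the database itself is created by
    # services.postgresql.ensureDatabases further down.
    database.postgres = "postgresql:///matrix_media_repo?sslmode=disable&host=/run/postgresql";
    homeservers = [
      {
        name = "chir.rs";
        csApi = "https://matrix.chir.rs";
        # Read at runtime as the service user; the secret's owner is set below.
        signingKeyPath = config.sops.secrets."services/matrix-media-repo/signing.key".path;
      }
    ];
    accessTokens.maxCacheTimeSeconds = 43200;
    admins = ["@lotte:chir.rs"];
    datastores = [
      {
        type = "s3";
        id = "b003babbb86fecf56bb9ba6571f9adb0bd1e71c8";
        enabled = true;
        forKinds = ["all"];
        opts = {
          tempPath = "/var/lib/matrix-media-repo";
          endpoint = "ams1.vultrobjects.com";
          # Placeholders, substituted with the real credentials in preStart.
          accessKeyId = "#ACCESS_KEY_ID#";
          accessSecret = "#SECRET_ACCESS_KEY#";
          ssl = true;
          bucketName = "matrix-chir-rs";
          region = "ams1";
        };
      }
    ];
    metrics = {
      enabled = true;
      # NOTE(review): the (unauthenticated) metrics endpoint is bound on every
      # interface; whether it is reachable from outside depends on the host
      # firewall, which this file does not configure.
      bindAddress = "::";
      port = 20855;
    };
    urlPreviews = {
      enabled = true;
      numWorkers = 10;
      oEmbed = false;
      # URL previews fetch user-supplied URLs: everything is allowed and the
      # internal ranges are then denied explicitly so the previewer cannot be
      # pointed at services on the local host or network.
      allowedNetworks = [
        "0.0.0.0/0"
        "::/0"
      ];
      disallowedNetworks = [
        "127.0.0.1/8"
        "10.0.0.0/8"
        "172.16.0.0/12"
        "192.168.0.0/16"
        # IPv4 link-local, which includes the cloud instance metadata address.
        "169.254.0.0/16"
        "::1/128"
        "fe80::/64"
        "fc00::/7"
      ];
      # user agent header was a mistake
      userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0, matrix-media-repo (like twitterbot; like telegrambot; like discordbot; like facebook; like whatsapp; like firefox/92; like vkshare) +https://github.com/DarkKirb/nixos-config/pull/264";
    };
    downloads = {
      expireAfterDays = 7;
    };
    featureSupport = {
    };
    # Rate limiting is left to the reverse proxy / upstream homeserver.
    rateLimit.enabled = false;
    thumbnails = {
      # 0 = no size limit on the source media; maxPixels still bounds the work.
      maxSourceBytes = 0;
      maxPixels = 102000000;
      types = [
        "image/jpeg"
        "image/jpg"
        "image/png"
        "image/apng"
        "image/gif"
        "image/heif"
        "image/webp"
        "image/svg+xml"
        "image/jxl"
        "audio/mpeg"
        "audio/ogg"
        "audio/wav"
        "audio/flac"
        "video/mp4"
        "video/webm"
        "video/x-matroska"
        "video/quicktime"
      ];
    };
  });
in {
  systemd.services.matrix-media-repo = {
    description = "Matrix Media Repo";
    # The database is local; order after PostgreSQL so the first start does
    # not race its socket and rely on Restart=always to recover.
    after = ["network.target" "postgresql.service"];
    wantedBy = ["multi-user.target"];
    # ffmpeg and imagemagick are needed for the thumbnail types listed above.
    path = [matrix-media-repo pkgs.ffmpeg pkgs.imagemagick];
    # Runs as the service user (no PermissionsStartOnly), which is also the
    # owner of the sops secrets, so the rendered file ends up owned by it.
    preStart = ''
      # Render the config as a private (0600) file and fill in the S3
      # credentials straight from the secret files.  replace-secret reads the
      # value from disk, so it never appears in a process argument list and is
      # not interpreted as a sed replacement (|, & and \ are not special).
      install -m 0600 ${config-yml} ${configPath}
      ${pkgs.replace-secret}/bin/replace-secret '#ACCESS_KEY_ID#' ${config.sops.secrets."services/matrix-media-repo/access-key-id".path} ${configPath}
      ${pkgs.replace-secret}/bin/replace-secret '#SECRET_ACCESS_KEY#' ${config.sops.secrets."services/matrix-media-repo/secret-access-key".path} ${configPath}
    '';
    serviceConfig = {
      Type = "simple";
      User = "matrix-media-repo";
      Group = "matrix-media-repo";
      Restart = "always";
      ExecStart = "${matrix-media-repo}/bin/media_repo -config ${configPath}";
    };
  };
  # The service user must be able to read the secrets, both in preStart and
  # (for the signing key) at runtime.
  sops.secrets."services/matrix-media-repo/access-key-id".owner = "matrix-media-repo";
  sops.secrets."services/matrix-media-repo/secret-access-key".owner = "matrix-media-repo";
  sops.secrets."services/matrix-media-repo/signing.key".owner = "matrix-media-repo";
  users.users.matrix-media-repo = {
    description = "Matrix Media Repository";
    home = "/var/lib/matrix-media-repo";
    useDefaultShell = true;
    group = "matrix-media-repo";
    isSystemUser = true;
  };
  users.groups.matrix-media-repo = {};
  # State directory: rendered config (holding the S3 credentials) and the S3
  # datastore's tempPath live here, hence no access for "other".
  systemd.tmpfiles.rules = [
    "d '/var/lib/matrix-media-repo' 0750 matrix-media-repo matrix-media-repo - -"
  ];
  services.postgresql.ensureDatabases = [
    "matrix_media_repo"
  ];
  # Public entry point: media endpoints (and the logout hook, so the media
  # repo can drop cached access tokens) go to the local media repo, every
  # other Matrix endpoint is forwarded to the internal homeserver.
  services.caddy.virtualHosts."matrix.chir.rs" = {
    useACMEHost = "chir.rs";
    logFormat = pkgs.lib.mkForce "";
    extraConfig = ''
      import baseConfig
      route {
        handle /_matrix/media/* {
          uri * replace /unstable/fi.mau.msc2246/ /v1/
          reverse_proxy http://localhost:8008 {
            header_down Access-Control-Allow-Origin *
            header_down Access-Control-Allow-Headers *
            header_up Host chir.rs
            header_up X-Forwarded-Host chir.rs
          }
        }
        handle /_matrix/client/v3/logout/* {
          reverse_proxy {
            to http://localhost:8008
            header_up Host chir.rs
            header_up X-Forwarded-Host chir.rs
          }
        }
        handle /_matrix/client/v1/media/* {
          reverse_proxy {
            to http://localhost:8008
            header_up Host chir.rs
            header_up X-Forwarded-Host chir.rs
          }
        }
        handle /_matrix/federation/v1/media/* {
          reverse_proxy {
            to http://localhost:8008
            header_up Host chir.rs
            header_up X-Forwarded-Host chir.rs
          }
        }
        handle /_matrix/* {
          reverse_proxy {
            to https://matrix.int.chir.rs
            header_up Host {upstream_hostport}
            transport http {
              versions 1.1
            }
          }
        }
        handle /.well-known/matrix/server {
          header Access-Control-Allow-Origin *
          header Content-Type application/json
          respond "{ \"m.server\": \"matrix.chir.rs:443\" }" 200
        }
        handle /.well-known/matrix/client {
          header Access-Control-Allow-Origin *
          header Content-Type application/json
          respond "{ \"m.homeserver\": { \"base_url\": \"https://matrix.chir.rs\" } }" 200
        }
      }
    '';
  };
}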