Merge branch 'main' of ssh://git.berlin.ccc.de/cccb/matrix

XenGi 2025-12-05 12:07:53 +01:00
commit 25fbc227fb
Signed by: xengi
SSH key fingerprint: SHA256:jxWM2RTHvxxcncXycwwWkP7HCWb4VREN05UGJTbIPZg
3 changed files with 20 additions and 43 deletions


@ -13,20 +13,30 @@ server {
hostname berlin.ccc.de; hostname berlin.ccc.de;
location "/.well-known/matrix/server" { location "/.well-known/matrix/server" {
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin "*";
return 200 '{"m.server":"matrix.berlin.ccc.de:443"}'; return 200 '{"m.server":"matrix.berlin.ccc.de:443"}';
} }
location "/.well-known/matrix/client" {
default_type application/json;
add_header Access-Control-Allow-Origin "*";
return 200 '{"m.homeserver": {"base_url": "https://matrix.berlin.ccc.de"}}';
}
} }
``` ```
# DNS # DNS
``` ```dns
_matrix-fed._tcp.matrix.berlin.ccc.de. IN SRV 10 0 443 matrix.berlin.ccc.de.
#_matrix._tcp.matrix.berlin.ccc.de. IN SRV 10 0 443 matrix.berlin.ccc.de.
#_matrix._tcp.berlin.ccc.de. IN SRV 10 0 443 matrix.berlin.ccc.de.
_matrix-fed._tcp.berlin.ccc.de. IN SRV 10 0 443 matrix.berlin.ccc.de. _matrix-fed._tcp.berlin.ccc.de. IN SRV 10 0 443 matrix.berlin.ccc.de.
matrix.berlin.ccc.de. IN A <IPv4> _matrix-fed._tcp.berlin.ccc.de. IN SRV 10 0 443 matrix.berlin.ccc.de.
matrix.berlin.ccc.de. IN AAAA <IPv6> matrix.berlin.ccc.de. IN A 195.160.173.25
matrix.berlin.ccc.de. IN AAAA 2001:678:760:cccb::25
matrix.berlin.ccc.de. IN CAA 0 issue "letsencrypt.org;validationmethods=http-01"
matrix.berlin.ccc.de. IN CAA 0 iodef "mailto:caa@xengi.de"
matrix.berlin.ccc.de. IN SSHFP 1 1 f40e117b002957939a454070adbbafe42d6f5842
matrix.berlin.ccc.de. IN SSHFP 1 2 8ba0c605a365ef5369e91c531dd86fabfe4ce6dbd5e8280093ec2672d67c329b
matrix.berlin.ccc.de. IN SSHFP 4 1 62d10fa57f8a1aa7469cd9b00621e4ce89261d91
matrix.berlin.ccc.de. IN SSHFP 4 2 ca80a6685984da140ac850e4951fa31e70b616e87f62f46437af3bfd215af887
``` ```
# Bots # Bots


@ -160,7 +160,6 @@
renewInterval = "daily"; renewInterval = "daily";
email = "acme@xengi.de"; email = "acme@xengi.de";
group = "nginx"; group = "nginx";
webroot = "/var/lib/acme/acme-challenges";
}; };
}; };
}; };


@ -25,39 +25,10 @@ in
quic = true; quic = true;
kTLS = true; kTLS = true;
forceSSL = true; forceSSL = true;
useACMEHost = fqdn; enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::]";
port = 8448;
ssl = true;
}
];
locations = { locations = {
"/.well-known/acme-challenge".root = config.security.acme.defaults.webroot; #"/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;
"/".return = "418 \"🫖\""; "/".return = "418 \"🫖\"";
"= /.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
recommendedProxySettings = true; recommendedProxySettings = true;
proxyPass = "http://[::1]:8008"; proxyPass = "http://[::1]:8008";
@ -70,8 +41,5 @@ in
}; };
}; };
}; };
security.acme.certs."${fqdn}" = {
reloadServices = [ "nginx" ];
};
} }
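Review bot: The commented-out `#"/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;` left in `locations` is dead configuration and should be deleted rather than kept as a comment. It refers to the `webroot` default that the ACME defaults change in this same commit removes, so uncommenting it later would point at an option that is no longer set here. As far as I know the NixOS nginx module serves the challenge path itself once `enableACME = true` is set, so nothing replaces the line. Separately, the explicit `listen` list with port 8448 is gone; no firewall configuration is visible on this page, so please confirm that 8448 is no longer opened elsewhere and that port 80 stays reachable for the http-01 validation the vhost now depends on.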