daniel/dotfiles
1
0
Fork 0
Code Activity Actions

Move Synapse to webserver

Browse source
This commit is contained in:
Daniel Kempkens 2022-11-11 16:11:54 +01:00
parent 28bc8e4368
commit f6856454e8
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
7 changed files with 46 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
container/matrix/config.nix
View file

@ -1,16 +0,0 @@
{ secret, ... }:
{
# Synapse
systemd.tmpfiles.rules = [
"d /etc/container-matrix/synapse 0755 991 991"
];
environment.etc."container-matrix/synapse/homeserver.yaml" = {
source = ../../secret/container/matrix/config/homeserver.yaml;
mode = "0640";
uid = 991;
gid = 991;
};
}

32
container/matrix/default.nix
View file

@ -1,32 +0,0 @@
let
secret = import ../../secret/container/matrix;
custom-config = import ./config.nix { inherit secret; };
in
{
virtualisation.arion.projects.matrix.settings = {
services = {
synapse = {
service = {
image = "matrixdotorg/synapse:latest";
container_name = "synapse";
restart = "unless-stopped";
volumes = [
"/etc/container-matrix/synapse:/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.matrix.rule" = "Host(`matrix.kempkens.io`)";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.service" = "matrix-web";
"traefik.http.routers.matrix.tls.certresolver" = "cfresolver";
"traefik.http.routers.matrix.tls.domains[0].main" = "kempkens.io";
"traefik.http.routers.matrix.tls.domains[0].sans" = "*.kempkens.io";
"traefik.http.routers.matrix.middlewares" = "content-compression@file";
"traefik.http.services.matrix-web.loadbalancer.server.port" = "8008";
"com.centurylinklabs.watchtower.enable" = "true";
};
};
};
};
};
} // custom-config

20
container/webserver/config.nix
View file

@ -1,6 +1,12 @@
{ secret, ... }: { secret, ... }:
{ {
systemd.tmpfiles.rules = [
"d /etc/container-webserver/weewx 0755 421 421"
"d /etc/container-webserver/weewx/html 0755 421 421"
"d /etc/container-matrix/synapse 0755 991 991"
];
# mosquitto # mosquitto
environment.etc."container-webserver/mosquitto/mosquitto.conf" = { environment.etc."container-webserver/mosquitto/mosquitto.conf" = {
@ -82,15 +88,19 @@
# weewx # weewx
systemd.tmpfiles.rules = [
"d /etc/container-webserver/weewx 0755 421 421"
"d /etc/container-webserver/weewx/html 0755 421 421"
];
environment.etc."container-webserver/weewx/weewx.conf" = { environment.etc."container-webserver/weewx/weewx.conf" = {
source = ../../secret/container/webserver/config/weewx.conf; source = ../../secret/container/webserver/config/weewx.conf;
mode = "0644"; mode = "0644";
uid = 421; uid = 421;
gid = 421; gid = 421;
}; };
# Matrix: Synapse
environment.etc."container-matrix/synapse/homeserver.yaml" = {
source = ../../secret/container/webserver/config/matrix/homeserver.yaml;
mode = "0640";
uid = 991;
gid = 991;
};
} }

32
container/webserver/default.nix
View file

@ -57,7 +57,7 @@ in
command = [ "--configFile=/traefik.toml" ]; command = [ "--configFile=/traefik.toml" ];
environment = secret.container.webserver.traefik.environment; environment = secret.container.webserver.traefik.environment;
volumes = [ volumes = [
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock:ro"
"/etc/container-webserver/traefik/traefik.toml:/traefik.toml:ro" "/etc/container-webserver/traefik/traefik.toml:/traefik.toml:ro"
"/etc/container-webserver/traefik/acme.json:/acme.json" "/etc/container-webserver/traefik/acme.json:/acme.json"
"/etc/container-webserver/traefik/custom:/custom_config:ro" "/etc/container-webserver/traefik/custom:/custom_config:ro"
@ -132,6 +132,36 @@ in
labels = secret.container.webserver.weewx.labels; labels = secret.container.webserver.weewx.labels;
}; };
}; };
# Matrix
synapse = {
service = {
image = "matrixdotorg/synapse:latest";
container_name = "synapse";
restart = "unless-stopped";
depends_on = [
"ipv6nat"
"traefik"
];
networks = [ "webserver" ];
volumes = [
"/etc/container-matrix/synapse:/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.matrix.rule" = "Host(`matrix.kempkens.io`)";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.service" = "matrix-web";
"traefik.http.routers.matrix.tls.certresolver" = "cfresolver";
"traefik.http.routers.matrix.tls.domains[0].main" = "kempkens.io";
"traefik.http.routers.matrix.tls.domains[0].sans" = "*.kempkens.io";
"traefik.http.routers.matrix.middlewares" = "content-compression@file";
"traefik.http.services.matrix-web.loadbalancer.server.port" = "8008";
"com.centurylinklabs.watchtower.enable" = "true";
};
};
};
}; };
networks.webserver = { networks.webserver = {

BIN
secret/container/matrix/default.nix
View file

Binary file not shown.

0
secret/container/matrix/config/homeserver.yaml → secret/container/webserver/config/matrix/homeserver.yaml
View file

1
system/hosts/sail.nix
View file

@ -16,7 +16,6 @@ in
../nixos/arion.nix ../nixos/arion.nix
../../container/webserver ../../container/webserver
../../container/matrix
]; ];
nix = { nix = {