Move Synapse to webserver

2022-11-11 16:11:54 +01:00 · 2022-11-11 16:11:54 +01:00 · f6856454e8
commit f6856454e8
parent 28bc8e4368
7 changed files with 46 additions and 55 deletions
--- a/container/matrix/config.nix
+++ b/container/matrix/config.nix
@ -1,16 +0,0 @@
-{ secret, ... }:
-
-{
-  # Synapse
-
-  systemd.tmpfiles.rules = [
-    "d /etc/container-matrix/synapse 0755 991 991"
-  ];
-
-  environment.etc."container-matrix/synapse/homeserver.yaml" = {
-    source = ../../secret/container/matrix/config/homeserver.yaml;
-    mode = "0640";
-    uid = 991;
-    gid = 991;
-  };
-}
--- a/container/matrix/default.nix
+++ b/container/matrix/default.nix
@ -1,32 +0,0 @@
-let
-  secret = import ../../secret/container/matrix;
-  custom-config = import ./config.nix { inherit secret; };
-in
-{
-  virtualisation.arion.projects.matrix.settings = {
-    services = {
-      synapse = {
-        service = {
-          image = "matrixdotorg/synapse:latest";
-          container_name = "synapse";
-          restart = "unless-stopped";
-          volumes = [
-            "/etc/container-matrix/synapse:/data"
-          ];
-          labels = {
-            "traefik.enable" = "true";
-            "traefik.http.routers.matrix.rule" = "Host(`matrix.kempkens.io`)";
-            "traefik.http.routers.matrix.entrypoints" = "websecure";
-            "traefik.http.routers.matrix.service" = "matrix-web";
-            "traefik.http.routers.matrix.tls.certresolver" = "cfresolver";
-            "traefik.http.routers.matrix.tls.domains[0].main" = "kempkens.io";
-            "traefik.http.routers.matrix.tls.domains[0].sans" = "*.kempkens.io";
-            "traefik.http.routers.matrix.middlewares" = "content-compression@file";
-            "traefik.http.services.matrix-web.loadbalancer.server.port" = "8008";
-            "com.centurylinklabs.watchtower.enable" = "true";
-          };
-        };
-      };
-    };
-  };
-} // custom-config
--- a/container/webserver/config.nix
+++ b/container/webserver/config.nix
@ -1,6 +1,12 @@
 { secret, ... }:

 {
+  systemd.tmpfiles.rules = [
+    "d /etc/container-webserver/weewx 0755 421 421"
+    "d /etc/container-webserver/weewx/html 0755 421 421"
+    "d /etc/container-matrix/synapse 0755 991 991"
+  ];
+
  # mosquitto

  environment.etc."container-webserver/mosquitto/mosquitto.conf" = {
@ -82,15 +88,19 @@

  # weewx

-  systemd.tmpfiles.rules = [
-    "d /etc/container-webserver/weewx 0755 421 421"
-    "d /etc/container-webserver/weewx/html 0755 421 421"
-  ];
-
  environment.etc."container-webserver/weewx/weewx.conf" = {
    source = ../../secret/container/webserver/config/weewx.conf;
    mode = "0644";
    uid = 421;
    gid = 421;
  };
+
+  # Matrix: Synapse
+
+  environment.etc."container-matrix/synapse/homeserver.yaml" = {
+    source = ../../secret/container/webserver/config/matrix/homeserver.yaml;
+    mode = "0640";
+    uid = 991;
+    gid = 991;
+  };
 }
--- a/container/webserver/default.nix
+++ b/container/webserver/default.nix
@ -57,7 +57,7 @@ in
          command = [ "--configFile=/traefik.toml" ];
          environment = secret.container.webserver.traefik.environment;
          volumes = [
-            "/var/run/docker.sock:/var/run/docker.sock"
+            "/var/run/docker.sock:/var/run/docker.sock:ro"
            "/etc/container-webserver/traefik/traefik.toml:/traefik.toml:ro"
            "/etc/container-webserver/traefik/acme.json:/acme.json"
            "/etc/container-webserver/traefik/custom:/custom_config:ro"
@ -132,6 +132,36 @@ in
          labels = secret.container.webserver.weewx.labels;
        };
      };
+
+      # Matrix
+
+      synapse = {
+        service = {
+          image = "matrixdotorg/synapse:latest";
+          container_name = "synapse";
+          restart = "unless-stopped";
+          depends_on = [
+            "ipv6nat"
+            "traefik"
+          ];
+          networks = [ "webserver" ];
+          volumes = [
+            "/etc/container-matrix/synapse:/data"
+          ];
+          labels = {
+            "traefik.enable" = "true";
+            "traefik.http.routers.matrix.rule" = "Host(`matrix.kempkens.io`)";
+            "traefik.http.routers.matrix.entrypoints" = "websecure";
+            "traefik.http.routers.matrix.service" = "matrix-web";
+            "traefik.http.routers.matrix.tls.certresolver" = "cfresolver";
+            "traefik.http.routers.matrix.tls.domains[0].main" = "kempkens.io";
+            "traefik.http.routers.matrix.tls.domains[0].sans" = "*.kempkens.io";
+            "traefik.http.routers.matrix.middlewares" = "content-compression@file";
+            "traefik.http.services.matrix-web.loadbalancer.server.port" = "8008";
+            "com.centurylinklabs.watchtower.enable" = "true";
+          };
+        };
+      };
    };

    networks.webserver = {
--- a/secret/container/matrix/default.nix
+++ b/secret/container/matrix/default.nix
--- a/secret/container/webserver/config/matrix/homeserver.yaml
+++ b/secret/container/webserver/config/matrix/homeserver.yaml
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@ -16,7 +16,6 @@ in

    ../nixos/arion.nix
    ../../container/webserver
-    ../../container/matrix
  ];

  nix = {