From bf97625c7a7da3325ff8ce0a6803050fec8991de Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige.mcwhirter@iohk.io>
Date: Sat, 3 Oct 2020 20:13:25 +1000
Subject: [PATCH] Corrected federation

---
 roles/matrix.nix | 50 +++++++++++++++++++++++++++++++-----------------
 1 file changed, 32 insertions(+), 18 deletions(-)

diff --git a/roles/matrix.nix b/roles/matrix.nix
index 7727fb6..7829d93 100644
--- a/roles/matrix.nix
+++ b/roles/matrix.nix
@@ -23,24 +23,37 @@
       public_baseurl = "https://synapse.mcwhirter.io:443/";   # Matrix target URL
       web_client = true;                                      # Whether to serve a web client
       enable_registration = true;                             # Toggle user registration
-      listeners = [ {
-        bind_address = "::1";                                 # Listen on localhost only
-        port = 8008;                                          # Port to listen on
-        resources = [
-          {
-            compress = true;
-            names = [ "client" ];
-          } {
-            compress = false;
-            names = [ "federation" ];
-        } ];
-        tls = true;
-        type = "http";
-        x_forwarded = true;
-      } ];
+      listeners = [
+        { # federation
+          bind_address = "";
+          port = 8448;
+          resources = [
+            { compress = true; names = [ "client" ]; }
+            { compress = false; names = [ "federation" ]; }
+          ];
+          tls = true;
+          type = "http";
+          x_forwarded = false;
+        }
+        { # client
+          bind_address = "::1";                                 # Listen on localhost only
+          port = 8008;                                          # Port to listen on
+          resources = [
+            {
+              compress = true;
+              names = [ "client" ];
+            } {
+              compress = false;
+              names = [ "federation" ];
+          } ];
+          tls = true;
+          type = "http";
+          x_forwarded = true;
+        }
+      ];
       max_upload_size = "200M";                               # Also set client_max_body_size to at least this
-      tls_certificate_path = "/var/lib/acme/synapse.mcwhirter.io/fullchain.pem";
-      tls_private_key_path = "/var/lib/acme/synapse.mcwhirter.io/key.pem";
+      tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
+      tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
       turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
       turn_uris = [
         "turn:turn.mcwhirter.io:5349?transport=udp"
@@ -149,7 +162,8 @@
   networking.firewall = {
     enable = true;
     allowedTCPPorts = [
-      443   # HTTPS
+      443    # HTTPS
+      8448   # Matrix federation
     ];
   };