sercanto/mio-ops
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Activity

Corrected federation

Browse source
This commit is contained in:
Craige McWhirter 2020-10-03 20:13:25 +10:00
parent dfae7e01bc
commit bf97625c7a
Signed by: sercanto
GPG key ID: 7DBA9F5689EFB6AA
1 changed files with 32 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
roles/matrix.nix
View file

@ -23,24 +23,37 @@
public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL
web_client = true; # Whether to serve a web client web_client = true; # Whether to serve a web client
enable_registration = true; # Toggle user registration enable_registration = true; # Toggle user registration
listeners = [ { listeners = [
bind_address = "::1"; # Listen on localhost only { # federation
port = 8008; # Port to listen on bind_address = "";
resources = [ port = 8448;
{ resources = [
compress = true; { compress = true; names = [ "client" ]; }
names = [ "client" ]; { compress = false; names = [ "federation" ]; }
} { ];
compress = false; tls = true;
names = [ "federation" ]; type = "http";
} ]; x_forwarded = false;
tls = true; }
type = "http"; { # client
x_forwarded = true; bind_address = "::1"; # Listen on localhost only
} ]; port = 8008; # Port to listen on
resources = [
{
compress = true;
names = [ "client" ];
} {
compress = false;
names = [ "federation" ];
} ];
tls = true;
type = "http";
x_forwarded = true;
}
];
max_upload_size = "200M"; # Also set client_max_body_size to at least this max_upload_size = "200M"; # Also set client_max_body_size to at least this
tls_certificate_path = "/var/lib/acme/synapse.mcwhirter.io/fullchain.pem"; tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem";
tls_private_key_path = "/var/lib/acme/synapse.mcwhirter.io/key.pem"; tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem";
turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6";
turn_uris = [ turn_uris = [
"turn:turn.mcwhirter.io:5349?transport=udp" "turn:turn.mcwhirter.io:5349?transport=udp"
@ -149,7 +162,8 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
443 # HTTPS 443 # HTTPS
8448 # Matrix federation
]; ];
}; };