fix: Matrix server fix

2026-02-11 03:55:29 +05:30
parent 66b7a31943
commit 3a97de6af2
7 changed files with 64 additions and 39 deletions
--- a/home/apps/matrix.nix
+++ b/home/apps/matrix.nix
@@ -1,5 +1,7 @@
 {pkgs, ...}: {
  home.packages = [
    pkgs.fluffychat
+    pkgs.fractal
+    # pkgs.quaternion
  ];
 }
--- a/home/services/hyprpaper.nix
+++ b/home/services/hyprpaper.nix
@@ -9,6 +9,7 @@
    nextcloudWallpapers = name: config.home.homeDirectory + "/Nextcloud/Wallpapers/" + name;
    # silksongFleas = nextcloudWallpapers "silksong-fleas.jpg";
    bocchiVertical = nextcloudWallpapers "bocchi-vertical.jpg";
+    silksongShadeLord = nextcloudWallpapers "silksong-shadelord.jpg";
  in {
    enable = device.is "ryu";
    settings = {
@@ -16,7 +17,7 @@
      wallpaper = [
        {
          monitor = device.monitors.primary;
-          path = wallpapers.skull;
+          path = silksongShadeLord;
          fit_mode = "cover";
        }
        {
--- a/nixos/tako/services/default.nix
+++ b/nixos/tako/services/default.nix
@@ -24,7 +24,7 @@
    ./searxng.nix
    ./tailscale.nix
    ./kellnr.nix
-    ./tuwunel.nix
+    ./matrix
  ];
  services = {
    nix-serve = {
--- a/nixos/tako/services/matrix/default.nix
+++ b/nixos/tako/services/matrix/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+  imports = [
+    ./tuwunel.nix
+    # ./signal.nix // libolm deprecated
+    # ./discord.nix
+  ];
+}
--- a/nixos/tako/services/matrix/discord.nix
+++ b/nixos/tako/services/matrix/discord.nix
@@ -0,0 +1,19 @@
+{...}: {
+  services.mautrix-discord = {
+    enable = true;
+    settings = {
+      homeserver = {
+        address = "http://localhost:6167";
+        domain = "darksailor.dev";
+      };
+      appservice.public = {
+        prefix = "/public";
+        external = "https://matrix.darksailor.dev/public";
+      };
+      bridge.permissions = {
+        "darksailor.dev" = "user";
+        "@servius:darksailor.dev" = "admin";
+      };
+    };
+  };
+}
--- a/nixos/tako/services/matrix/signal.nix
+++ b/nixos/tako/services/matrix/signal.nix
@@ -0,0 +1,5 @@
+{...}: {
+  services.mautrix-signal = {
+    enable = true;
+  };
+}
--- a/nixos/tako/services/matrix/tuwunel.nix
+++ b/nixos/tako/services/matrix/tuwunel.nix
@@ -13,9 +13,9 @@
      };
    };
    sso_redirect_options = {
-      # immediate = false;
-      # on_welcome_page = true;
-      # on_login_page = true;
+      immediate = false;
+      on_welcome_page = true;
+      on_login_page = true;
    };
  };
  elementConfigFile = pkgs.writeText "element-config.json" elementConfig;
@@ -53,18 +53,31 @@ in {
          callback_url = "https://matrix.${base_domain}/_matrix/client/unstable/login/sso/callback/${client_id}";
        }
      ];
+      well_known = {
+        client = "https://matrix.${base_domain}";
+        server = "matrix.${base_domain}:443";
+      };
    };
    package = pkgs.matrix-tuwunel;
  };
-  services.caddy.virtualHosts."matrix.${base_domain}, matrix.${base_domain}:8448".extraConfig = ''
-    reverse_proxy /_matrix/* localhost:${toString port}
-    handle_path /config.json {
-        root ${elementConfigFile}
+  services.caddy.virtualHosts = {
+    "matrix.${base_domain}".extraConfig = ''
+      reverse_proxy /_matrix/* localhost:${toString port}
+      handle_path /config.json  {
        file_server
-    }
-    root * ${pkgs.element-web}
-    file_server
-  '';
+        root ${elementConfigFile}
+      }
+      root * ${pkgs.element-web}
+      file_server
+    '';
+    "${base_domain}".extraConfig = ''
+      reverse_proxy /.well-known/* localhost:${toString port}
+    '';
+    # "matrix.${base_domain}:8448".extraConfig = ''
+    #   reverse_proxy /_matrix/* localhost:${toString port}
+    # '';
+  };
+  networking.firewall.allowedTCPPorts = [8448];

  users.users.${config.services.caddy.user}.extraGroups = [config.services.matrix-tuwunel.group];

@@ -94,14 +107,13 @@ in {
                  require_pkce = false;
                  # pkce_challenge_method = "S256";
                  redirect_uris = [
-                    # "https://auth.${base_domain}/user/oauth2/authelia/callback"
-                    "https://matrix.${base_domain}/_matrix/client/v3/login/sso/redirect/${client_id}"
+                    "https://matrix.${base_domain}/_matrix/client/unstable/login/sso/callback/${client_id}"
                  ];
                  scopes = [
-                    "email"
-                    "name"
+                    "openid"
                    "groups"
-                    "preferred_username"
+                    "email"
+                    "profile"
                  ];
                  response_types = ["code"];
                  response_modes = ["form_post"];
@@ -117,24 +129,3 @@ in {
    };
  };
 }
-# templates = {
-#   "tuwunel-auth.toml" = {
-#     content = ''
-#       [[global.identity_provider]]
-#       brand = "Authelia"
-#       name = "Authelia"
-#       default = true
-#       issuer_url = "https://auth.${base_domain}"
-#       client_id = "${config.sops.placeholder."tuwunel/client_id"}"
-#       client_secret = "${config.sops.placeholder."tuwunel/client_secret"}"
-#       callback_url = "https://matrix.${base_domain}/_matrix/client/v3/login/sso/redirect/${config.sops.placeholder."tuwunel/client_id"}"
-#     '';
-#     # callback_url = "https://auth.${base_domain}/_matrix/client/unstable/login/sso/callback/${config.sops.placeholder."tuwunel/client_id"}"
-#     owner = config.services.matrix-tuwunel.user;
-#     group = config.services.matrix-tuwunel.group;
-#   };
-# };
-# extraEnvironment = {
-#   CONDUIT_CONFIG = config.sops.templates."tuwunel-auth.toml".path;
-# };
-