···

       
70
       
70
       
 
       
  authelia-port = 3008;

     

       
71
       
71
       
 
       
  authelia-hostname = "auth.wiro.world";

     

       
72
       
72
       
 
       


     

       
73
       
73
       
+
       
  matrix-port = 3009;

     

       
74
       
74
       
+
       
  matrix-hostname = "matrix.wiro.world";

     

       
75
       
75
       
+
       


     

       
73
       
76
       
 
       
  prometheus-port = 9001;

     

       
74
       
77
       
 
       
  prometheus-node-exporter-port = 9002;

     

       
75
       
78
       
 
       
  headscale-metrics-port = 9003;

     
···

       
182
       
185
       
 
       
          }

     

       
183
       
186
       
 
       
        '' +

     

       
184
       
187
       
 
       
        ''

     

       
188
       
188
       
+
       
          reverse_proxy /.well-known/matrix/* http://localhost:${toString matrix-port}

     

       
189
       
189
       
+
       
        '' +

     

       
190
       
190
       
+
       
        ''

     

       
185
       
191
       
 
       
          reverse_proxy https://mrnossiom.github.io {

     

       
186
       
192
       
 
       
          	header_up Host {http.request.host}

     

       
187
       
193
       
 
       
          }

     
···

       
221
       
227
       
 
       


     

       
222
       
228
       
 
       
      virtualHosts.${authelia-hostname}.extraConfig = ''

     

       
223
       
229
       
 
       
        reverse_proxy http://localhost:${toString authelia-port}

     

       
230
       
230
       
+
       
      '';

     

       
231
       
231
       
+
       


     

       
232
       
232
       
+
       
      virtualHosts.${matrix-hostname}.extraConfig = ''

     

       
233
       
233
       
+
       
        reverse_proxy /_matrix/* http://localhost:${toString matrix-port}

     

       
224
       
234
       
 
       
      '';

     

       
225
       
235
       
 
       
    };

     

       
226
       
236
       
 
       


     
···

       
457
       
467
       
 
       
        };

     

       
458
       
468
       
 
       
      };

     

       
459
       
469
       
 
       
    };

     

       
470
       
470
       
+
       


     

       
471
       
471
       
+
       
    age.secrets.matrix-env.file = ../../secrets/matrix-env.age;

     

       
472
       
472
       
+
       
    services.matrix-conduit = {

     

       
473
       
473
       
+
       
      enable = true;

     

       
474
       
474
       
+
       
      package = upkgs.matrix-conduit;

     

       
475
       
475
       
+
       


     

       
476
       
476
       
+
       
      settings.global = {

     

       
477
       
477
       
+
       
        address = "127.0.0.1";

     

       
478
       
478
       
+
       
        port = matrix-port;

     

       
479
       
479
       
+
       


     

       
480
       
480
       
+
       
        server_name = "wiro.world";

     

       
481
       
481
       
+
       
        well_known = {

     

       
482
       
482
       
+
       
          client = "https://matrix.wiro.world";

     

       
483
       
483
       
+
       
          server = "matrix.wiro.world:443";

     

       
484
       
484
       
+
       
        };

     

       
485
       
485
       
+
       


     

       
486
       
486
       
+
       
        database_backend = "sqlite";

     

       
487
       
487
       
+
       
        enable_lightning_bolt = false;

     

       
488
       
488
       
+
       


     

       
489
       
489
       
+
       
        # Set in `CONDUIT_REGISTRATION_TOKEN`

     

       
490
       
490
       
+
       
        # registration_token = ...;

     

       
491
       
491
       
+
       
        allow_registration = true;

     

       
492
       
492
       
+
       
      };

     

       
493
       
493
       
+
       
    };

     

       
494
       
494
       
+
       
    systemd.services.conduit.serviceConfig.EnvironmentFile = config.age.secrets.matrix-env.path;

     

       
460
       
495
       
 
       
  };

     

       
461
       
496
       
 
       
}

     

···

       
1
       
1
       
+
       
age-encryption.org/v1

     

       
2
       
2
       
+
       
-> ssh-ed25519 sMF1bg ynWhH67Y3AynyxoD9WmVKgNTAyb7ktUYUkRniXvfslw

     

       
3
       
3
       
+
       
hlN/NsBEhTwkeaSdCd6uj/U2X9wi/cFwwjIhDUYWtYQ

     

       
4
       
4
       
+
       
-> ssh-ed25519 SmMcWg SXQ91ashcl6UJMPAV/7mI950cczhMAJrjcnkdck8DWw

     

       
5
       
5
       
+
       
mndS8XyN+e1A4WRCU9dJ6bF50wrFnK6GPaJy/HJyMMA

     

       
6
       
6
       
+
       
-> ssh-ed25519 Q8rMFA g3PNPWKFO8Rf473kBaTuZUnalCI7b8Wl6W9qA7ldv2M

     

       
7
       
7
       
+
       
9UfrXGhwc5Fn42UFr1sHIvtFp0QeqAvu4bhkjEolTZs

     

       
8
       
8
       
+
       
--- vzV9NNriSPI4sc2eiJZ0HlxGG9f+BRwsALPWdmEoG84

     

       
9
       
9
       
+
       
�m�eqW{kU����/���mb[\���F*<,02MM���x�0��)��+��Zy�Ws-0e��o6Uv�o��0o W>"S���
8�(#
     

···

       
28
       
28
       
 
       
  "authelia-storage-key.age".publicKeys = deploy;

     

       
29
       
29
       
 
       
  "authelia-ldap-password.age".publicKeys = deploy;

     

       
30
       
30
       
 
       
  "authelia-smtp-password.age".publicKeys = deploy;

     

       
31
       
31
       
+
       
  # Defines `CONDUIT_REGISTRATION_TOKEN`

     

       
32
       
32
       
+
       
  "matrix-env.age".publicKeys = deploy;

     

       
31
       
33
       
 
       


     

       
32
       
34
       
 
       
  # Not used in config but useful

     

       
33
       
35
       
 
       
  "pgp-ca5e.age".publicKeys = users;