# NixOS module: runs Synapse (Matrix homeserver) on a loopback-only HTTP
# listener and publishes it through an nginx TLS virtual host on port 8448.
{ config, ... }:

let
  host = "514fpv.io";

  # Public TLS port (nginx) and private plaintext backend (Synapse).
  publicPort = 8448;
  backendAddr = "127.0.0.1";
  backendPort = 8008;
  backendUrl = "http://${backendAddr}:${toString backendPort}";

  # Persistent state directory; also the ZFS mountpoint declared at the bottom.
  stateDir = "/nix/persist/service/matrix";

  # TURN realm is taken from the coturn service configured elsewhere.
  turnRealm = config.services.coturn.realm;
in
{
  services.matrix-synapse = {
    enable = true;
    withJemalloc = true;
    dataDir = stateDir;

    # Loaded by Synapse at runtime from a path outside the Nix store, so its
    # contents are not copied into the world-readable store.
    # NOTE(review): presumably holds the registration / TURN shared secrets;
    # confirm the file is owned by the synapse user and not group/world readable.
    extraConfigFiles = [ "${stateDir}/secrets.yml" ];

    settings = {
      server_name = host;
      public_baseurl = "https://${host}:${toString publicPort}/";

      listeners = [
        {
          # Plain HTTP, loopback only: TLS is terminated by the nginx vhost
          # below and the listener is not reachable from the network.
          bind_addresses = [ backendAddr ];
          port = backendPort;
          tls = false;
          type = "http";

          # Synapse takes the client address from X-Forwarded-For. Any local
          # process that can reach the loopback port can therefore set it.
          # NOTE(review): no proxy headers are set in this file; confirm that
          # nginx adds X-Forwarded-For / X-Forwarded-Proto / Host (for example
          # via services.nginx.recommendedProxySettings) elsewhere.
          x_forwarded = true;

          resources = [
            { compress = true; names = [ "client" ]; }
            { compress = false; names = [ "federation" ]; }
          ];
        }
      ];

      # turn server configuration
      turn_uris = map
        (transport: "turn:${turnRealm}:3478?transport=${transport}")
        [ "udp" "tcp" ];
      # Lifetime of the TURN credentials Synapse hands to clients.
      turn_user_lifetime = "1h";
    };
  };

  services.nginx.virtualHosts.${host} = {
    # Single explicit listener: IPv4 only, TLS, on the public port.
    listen = [
      { addr = "0.0.0.0"; port = publicPort; ssl = true; }
    ];

    # Reuses the ACME certificate declared for this host elsewhere.
    useACMEHost = host;
    # NOTE(review): addSSL normally means "HTTPS in addition to HTTP"; with the
    # explicit `listen` above only the TLS socket should be generated. Confirm
    # in the rendered nginx.conf, or consider onlySSL to state the intent.
    addSSL = true;

    locations = {
      # Default deny: only the prefixes below are forwarded to Synapse, so
      # other backend paths such as /_synapse/admin are answered with 404 here.
      "/".extraConfig = ''
        return 404;
      '';
      "/_matrix".proxyPass = backendUrl;
      "/_synapse/client".proxyPass = backendUrl;
    };
  };

  # The only port this module opens in the firewall.
  networking.firewall.allowedTCPPorts = [ publicPort ];

  global.fs.zfs.mountpoints.${stateDir} = "service/matrix";
}