Working on setting up matrix

modules/hosts/nixos/hetznix01/default.nix

@@ -2,8 +2,7 @@
   imports = [
     ./hardware-configuration.nix
     ./disk-config.nix
-    ./post-install-general.nix
-    ./post-install-nginx.nix
+    ./post-install
   ];
 
   system.stateVersion = "24.05";
@@ -41,6 +40,10 @@
 
   services = {
     fail2ban.enable = true;
+    postgresql = {
+      enable = true;
+      package = pkgs.postresql_16;
+    };
     uptime-kuma = {
       enable = true;
       settings = {

modules/hosts/nixos/hetznix01/post-install/default.nix

@@ -1,6 +1,8 @@
 { config, username, ... }: {
   imports = [
-    ../../../system/common/linux/restic.nix
+    ../../../../system/common/linux/restic.nix
+    ./matrix-synapse.nix
+    ./nginx.nix
   ];
 
   services = {
@@ -22,7 +24,7 @@
 
   sops = {
     age.keyFile = /home/${username}/.config/sops/age/keys.txt;
-    defaultSopsFile = ./secrets.yaml;
+    defaultSopsFile = ../secrets.yaml;
     secrets = {
       local_git_config = {
         owner = "${username}";

modules/hosts/nixos/hetznix01/post-install/matrix-synapse.nix

@@ -0,0 +1,46 @@
+{ config, pkgs, ... }: let
+  #
+in {
+  services.matrix-synapse = {
+    enable = true;
+    configureRedisLocally = true;
+    settings = {
+      public_baseurl = "https://matrix.technicalissues.us";
+      listeners = [
+        {
+          port = 8008;
+          tls = false;
+          type = "http";
+          x_forwarded = true;
+          bind_addresses = [
+            "::1"
+            "127.0.0.1"
+          ];
+          resources = [
+            {
+              names = [
+                "client"
+                "federation"
+              ];
+              compress = false;
+            }
+          ];
+        }
+      ];
+      database = {
+        name = "psycopg2";
+        args = {
+          user = "synapse_user";
+          database = "synapse";
+        };
+      };
+      url_preview_enabled = true;
+      enable_registration = false;
+      registration_shared_secret = config.sops.secrets.matrix-registration_shared_secret;
+      macaroon_secret_key = config.sops.secrets.matrix-macaroon_secret_key;
+      trusted_key_servers = [{ server_name = "matrix.org"; }];
+
+    };
+
+  };
+}

modules/hosts/nixos/hetznix01/post-install/nginx.nix

@@ -5,7 +5,7 @@
 in {
 
   imports = [
-    ../../../system/common/linux/lets-encrypt.nix
+    ../../../../system/common/linux/lets-encrypt.nix
   ];
   services.nginx = {
     enable = true;