From 34abb21e0b6849a1cd8e3d5d8b55137ad27eff85 Mon Sep 17 00:00:00 2001
From: Christine Elisabeth Koppel
Date: Tue, 10 Feb 2026 00:58:40 +0100
Subject: [PATCH] Enhance configuration for Matrix to enable federation
---
 .../modules/system/teamspeak.nix | 2 +-
 nix-system-configs/modules/system/traefik.nix | 44 ++++++++++++-------
 2 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/nix-system-configs/modules/system/teamspeak.nix b/nix-system-configs/modules/system/teamspeak.nix
index 11499d3..5b5ab6a 100644
--- a/nix-system-configs/modules/system/teamspeak.nix
+++ b/nix-system-configs/modules/system/teamspeak.nix
@@ -61,7 +61,7 @@
 settings.global = {
 allow_registration = true;
 # You will need this token when creating your first account.
- registration_token = "testtoken1234";
+ #registration_token = "testtoken1234";
 # server_name = yourDomainName;
 port = 12244;
 # Bind to all interfaces so Traefik on the network can reach Conduit.
diff --git a/nix-system-configs/modules/system/traefik.nix b/nix-system-configs/modules/system/traefik.nix
index 11e1bfb..ffe915e 100644
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@@ -67,6 +67,10 @@
 ];
 };
 };
+ # Federation entrypoint: external TLS on 8448
+ federation = {
+ address = ":8448";
+ };
 # TeamSpeak entry points
 teamspeak-voice = {
 address = ":9987/udp";
@@ -100,7 +104,13 @@
 entryPoints = ["websecure"];
 tls = {};
 };
-
+ # Matrix HTTP router for client requests (Element etc.)
+ matrix = {
+ rule = "Host(`lgbtq.prg-radio.org`)";
+ service = "matrix";
+ entryPoints = ["websecure"];
+ tls = {};
+ };
 wavelog = {
 rule = "Host(`wavelog.prg-radio.org`)";
 service = "wavelog";
@@ -114,13 +124,6 @@
 entryPoints = ["websecure"];
 tls = {};
 };
-
- matrix = {
- rule = "Host(`lgbtq.prg-radio.org`)";
- service = "matrix";
- entryPoints = ["websecure"];
- tls = {};
- };
 };
 http.services = {
 forgejo.loadBalancer = {
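Review bot: In `teamspeak.nix`, commenting out `registration_token` while `allow_registration = true;` stays set appears to leave account registration open to anyone, unless the homeserver refuses tokenless registration by default; that is worth confirming before port 8448 is opened for federation. If self-service sign-up is not intended, set `allow_registration = false;` once the initial accounts exist; if it is, supply a long random token from a secret that is neither committed nor written to the world-readable Nix store. The previous value `testtoken1234` remains in the repository history and should not be reused. The `settings.global` block continues outside the hunk.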
@@ -128,7 +131,11 @@
 {url = "http://10.1.1.4:3000";}
 ];
 };
-
+ matrix.loadBalancer = {
+ servers = [
+ {url = "http://10.1.1.248:12244";}
+ ];
+ };
 wavelog.loadBalancer = {
 servers = [
 {url = "http://10.1.1.249:8086";}
@@ -140,12 +147,6 @@
 {url = "http://10.1.1.249:8087";}
 ];
 };
-
- matrix.loadBalancer = {
- servers = [
- { url = "http://10.1.1.248:12244"; }
- ];
- };
 };
 # TCP routing for TeamSpeak
@@ -160,6 +161,12 @@
 service = "teamspeak-data";
 entryPoints = ["teamspeak-data"];
 };
+ # Federation TCP router: incoming on :8448 -> Conduit backend
+ matrix-federation = {
+ rule = "HostSNI(`*`)";
+ service = "matrix-federation";
+ entryPoints = ["federation"];
+ };
 };
 tcp.services = {
@@ -173,6 +180,11 @@
 {address = "10.1.1.248:30033";}
 ];
 };
+ matrix-federation.loadBalancer = {
+ servers = [
+ {address = "10.1.1.248:12244";}
+ ];
+ };
 };
 # UDP routing for TeamSpeak voice
@@ -213,7 +225,7 @@
 wants = ["acme-finished-prg-radio.org.target"];
 };
- networking.firewall.allowedTCPPorts = [80 443 10022 30033];
+ networking.firewall.allowedTCPPorts = [80 443 10022 30033 8448];
 networking.firewall.allowedUDPPorts = [80 443 9987];
 system.stateVersion = "25.11";
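Review bot: The new `matrix-federation` TCP router (the `tcp.routers` hunk at -160,6) uses a catch-all `HostSNI` rule with no `tls` attribute and forwards port 8448 to `10.1.1.248:12244`, the same backend the `matrix` HTTP service reaches over plain `http://`. Nothing visible in the patch therefore terminates TLS, although the entrypoint comment says "external TLS on 8448". Federation peers expect HTTPS on that port, and with `8448` added to `allowedTCPPorts` the backend's unencrypted listener appears to be reachable from the internet with no Host matching in front of it. Adding `tls = {};` to the router would make Traefik terminate TLS there; alternatively an HTTP router with `entryPoints = ["federation"];`, `service = "matrix";` and `tls = {};` would reuse the existing service and make the `matrix-federation.loadBalancer` hunk unnecessary. The enclosing `tcp.routers` and `tcp.services` sets start outside these hunks.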