Enhance configuration for Matrix to enable federation

2026-02-10 00:58:40 +01:00 · 2026-02-10 00:58:40 +01:00 · 34abb21e0b
commit 34abb21e0b
parent a027b99446
2 changed files with 29 additions and 17 deletions
--- a/nix-system-configs/modules/system/teamspeak.nix
+++ b/nix-system-configs/modules/system/teamspeak.nix
@ -61,7 +61,7 @@
      settings.global = {
        allow_registration = true;
        # You will need this token when creating your first account.
-        registration_token = "testtoken1234";
+        #registration_token = "testtoken1234";
        # server_name = yourDomainName;
        port = 12244;
        # Bind to all interfaces so Traefik on the network can reach Conduit.
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@ -67,6 +67,10 @@
              ];
            };
          };
+          # Federation entrypoint: external TLS on 8448
+          federation = {
+            address = ":8448";
+          };
          # TeamSpeak entry points
          teamspeak-voice = {
            address = ":9987/udp";
@ -100,7 +104,13 @@
            entryPoints = ["websecure"];
            tls = {};
          };
-
+          # Matrix HTTP router for client requests (Element etc.)
+          matrix = {
+            rule = "Host(`lgbtq.prg-radio.org`)";
+            service = "matrix";
+            entryPoints = ["websecure"];
+            tls = {};
+          };
          wavelog = {
            rule = "Host(`wavelog.prg-radio.org`)";
            service = "wavelog";
@ -114,13 +124,6 @@
            entryPoints = ["websecure"];
            tls = {};
          };
-
-          matrix = {
-            rule = "Host(`lgbtq.prg-radio.org`)";
-            service = "matrix";
-            entryPoints = ["websecure"];
-            tls = {};
-          };
        };
        http.services = {
          forgejo.loadBalancer = {
@ -128,7 +131,11 @@
              {url = "http://10.1.1.4:3000";}
            ];
          };
-
+          matrix.loadBalancer = {
+            servers = [
+              {url = "http://10.1.1.248:12244";}
+            ];
+          };
          wavelog.loadBalancer = {
            servers = [
              {url = "http://10.1.1.249:8086";}
@ -140,12 +147,6 @@
              {url = "http://10.1.1.249:8087";}
            ];
          };
-
-          matrix.loadBalancer = {
-            servers = [
-              { url = "http://10.1.1.248:12244"; }
-            ];
-          };
        };

        # TCP routing for TeamSpeak
@ -160,6 +161,12 @@
            service = "teamspeak-data";
            entryPoints = ["teamspeak-data"];
          };
+          # Federation TCP router: incoming on :8448 -> Conduit backend
+          matrix-federation = {
+            rule = "HostSNI(`*`)";
+            service = "matrix-federation";
+            entryPoints = ["federation"];
+          };
        };

        tcp.services = {
@ -173,6 +180,11 @@
              {address = "10.1.1.248:30033";}
            ];
          };
+          matrix-federation.loadBalancer = {
+            servers = [
+              {address = "10.1.1.248:12244";}
+            ];
+          };
        };

        # UDP routing for TeamSpeak voice
@ -213,7 +225,7 @@
      wants = ["acme-finished-prg-radio.org.target"];
    };

-    networking.firewall.allowedTCPPorts = [80 443 10022 30033];
+    networking.firewall.allowedTCPPorts = [80 443 10022 30033 8448];
    networking.firewall.allowedUDPPorts = [80 443 9987];

    system.stateVersion = "25.11";