diff --git a/ops/nixos/bvm-matrix/default.nix b/ops/nixos/bvm-matrix/default.nix index 1f8401f1b5..5e16bec7c7 100644 --- a/ops/nixos/bvm-matrix/default.nix +++ b/ops/nixos/bvm-matrix/default.nix @@ -36,6 +36,13 @@ in { }; my.ip.tailscale = "100.74.197.67"; + services.postfix = { + enable = true; + hostname = "matrix.zxcvbnm.ninja"; + origin = "zxcvbnm.ninja"; + domain = "zxcvbnm.ninja"; + enableSubmission = true; + }; services.postgresql = { enable = true; ensureDatabases = [ "matrix-synapse" ]; @@ -93,6 +100,24 @@ in { enable = true; server_name = "zxcvbnm.ninja"; macaroon_secret_key = machineSecrets.macaroonSecretKey; + turn_uris = [ + "turn:matrix.zxcvbnm.ninja:3478?transport=udp" + "turn:matrix.zxcvbnm.ninja:3478?transport=tcp" + ]; + turn_shared_secret = machineSecrets.turnSecret; + public_baseurl = "https://matrix.zxcvbnm.ninja/"; + url_preview_enabled = true; + url_preview_ip_range_blacklist = [ + "127.0.0.0/8" + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + "100.64.0.0/10" + "169.254.0.0/16" + "::1/128" + "fe80::/64" + "fc00::/7" + ]; listeners = [{ port = 8008; bind_address = "::1";