From 86348d4c609feddd8c125c35f8bc8feb21fa9e4a Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Sun, 28 Feb 2021 16:16:06 +0100
Subject: [PATCH] vueko: Add element-web

---
 machines/vueko/configuration.nix        |  2 ++
 machines/vueko/services/element-web.nix | 45 +++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 machines/vueko/services/element-web.nix

diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix
index c927b08..bcc9574 100644
--- a/machines/vueko/configuration.nix
+++ b/machines/vueko/configuration.nix
@@ -12,6 +12,8 @@ in
     ./hardware-configuration.nix
     ../../modules
 
+    ./services/element-web.nix
+
     "${infinisilSystem}/config/new-modules/murmur.nix"
   ];
 
diff --git a/machines/vueko/services/element-web.nix b/machines/vueko/services/element-web.nix
new file mode 100644
index 0000000..7581ce3
--- /dev/null
+++ b/machines/vueko/services/element-web.nix
@@ -0,0 +1,45 @@
+{ lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts."chat.sbruder.de" = {
+    enableACME = true;
+    forceSSL = true;
+
+    root = pkgs.element-web;
+
+    extraConfig = ''
+      # https://github.com/vector-im/element-web#configuration-best-practices
+      add_header Content-Security-Policy "frame-ancestors 'none'";
+      add_header X-Content-Type-Options nosniff;
+      add_header X-Frame-Options SAMEORIGIN;
+      add_header X-XSS-Protection "1; mode=block";
+    '';
+
+    # nixpkgs’s override mechanism doesn’t allow overriding of all options
+    locations."=/config.chat.sbruder.de.json".alias = pkgs.writeText "config.chat.sbruder.de.json" (lib.generators.toJSON { } {
+      default_server_config = {
+        "m.homeserver" = {
+          base_url = "https://matrix.sbruder.de";
+          server_name = "matrix.sbruder.de";
+        };
+      };
+      showLabsSettings = true;
+      branding = {
+        authFooterLinks = [ ];
+      };
+      piwik = false;
+      defaultCountryCode = "DE";
+      settingDefaults = {
+        "UIFeature.feedback" = false;
+        "UIFeature.shareSocial" = false;
+        "UIFeature.identityServer" = false;
+        "UIFeature.thirdPartyId" = false;
+      };
+      disable_custom_urls = true;
+      jitsi.preferredDomain = "meet.jalr.de";
+      disable_guests = true;
+      disable_3pid_login = true;
+      desktopBuilds.available = false;
+    });
+  };
+}