From d82cd7ae26e2d5056157eae4d8a8e252b62e033a Mon Sep 17 00:00:00 2001
From: tonybanters
Date: Thu, 12 Feb 2026 01:39:58 -0800
Subject: [PATCH] Initial commit.
---
 configuration.nix | 39 ++++++++++++++++++
 flake.nix | 17 ++++++++
 matrix.nix | 101 ++++++++++++++++++++++++++++++++++++++++++++++
 readme.org | 38 +++++++++++++++++
 4 files changed, 195 insertions(+)
 create mode 100644 configuration.nix
 create mode 100644 flake.nix
 create mode 100644 matrix.nix
 create mode 100644 readme.org
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..6aa588a
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./matrix.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "nixos-matrix";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "America/Los_Angeles";
+
+ users.users.tony = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ };
+
+ services.openssh.enable = true;
+ services.nginx.enable = true;
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "your-email@example.com";
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ git
+ ];
+
+ system.stateVersion = "25.11";
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..bc9e27e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,17 @@
+{
+ description = "Matrix Homeserver, Btw";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = {
+ self,
+ nixpkgs,
+ }: {
+ nixosConfigurations.nixos-matrix = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [./configuration.nix];
+ };
+ };
+}
diff --git a/matrix.nix b/matrix.nix
new file mode 100644
index 0000000..6554d2c
--- /dev/null
+++ b/matrix.nix
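Review bot: In configuration.nix, `services.openssh.enable = true;` turns on sshd for an internet-facing host with no authentication policy declared next to it. As far as the NixOS module defaults go, password authentication stays on and the SSH port is opened in the firewall, and `users.users.tony` (a `wheel` member) declares no `openssh.authorizedKeys.keys`, so access depends on whatever password is set by hand afterwards. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`, and declare the admin key with `users.users.tony.openssh.authorizedKeys.keys = ["<your-ssh-public-key>"];`.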
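Review bot: In flake.nix, the `nixpkgs` input follows `nixos-unstable` and the diffstat lists no `flake.lock`, so every fresh clone resolves to whatever revision is current at first build. Two deployments of this repository can therefore end up running different Synapse, nginx and PostgreSQL versions without any change being reviewed. Commit the generated `flake.lock` so the input revision is pinned and updates arrive as diffs, and document it above the URL with a comment such as `# pinned by flake.lock; update with: nix flake update`. For a server that federates with untrusted peers, a release branch matching `system.stateVersion` is also worth considering over unstable.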
@@ -0,0 +1,101 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ domain = "enter-your-domain";
+ matrixDomain = "matrix.${domain}";
+ clientConfig = {
+ "m.homeserver".base_url = "https://${matrixDomain}";
+ "m.identity_server" = {};
+ };
+ serverConfig = {
+ "m.server" = "${matrixDomain}:443";
+ };
+ mkWellKnown = data: ''
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
+in {
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = domain;
+ public_baseurl = "https://${matrixDomain}";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = ["127.0.0.1"];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = ["client" "federation"];
+ compress = true;
+ }
+ ];
+ }
+ ];
+
+ database = {
+ name = "psycopg2";
+ allow_unsafe_locale = true;
+ args = {
+ user = "matrix-synapse";
+ database = "matrix-synapse";
+ host = "/run/postgresql";
+ };
+ };
+
+ max_upload_size_mib = 100;
+ url_preview_enabled = true;
+ enable_registration = false;
+ enable_metrics = false;
+ registration_shared_secret_path = "/var/lib/matrix-synapse/registration_secret";
+
+ trusted_key_servers = [
+ {
+ server_name = "matrix.org";
+ }
+ ];
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = ["matrix-synapse"];
+ ensureUsers = [
+ {
+ name = "matrix-synapse";
+ ensureDBOwnership = true;
+ }
+ ];
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+ };
+
+ services.nginx.virtualHosts.${matrixDomain} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8008";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ client_max_body_size 100M;
+ '';
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [8448];
+}
diff --git a/readme.org b/readme.org
new file mode 100644
index 0000000..4c4ce45
--- /dev/null
+++ b/readme.org
@@ -0,0 +1,38 @@
+#+TITLE: Matrix Homeserver on NixOS
+
+* Prerequisites
+- NixOS installed
+- Domain with DNS pointing to server (A record: =matrix.yourdomain.com=)
+- Port 443, 8448 forwarded
+
+* Setup
+
+1. Clone to =/etc/nixos= (or copy files)
+2. Edit =matrix.nix= line 7: change =enter-your-domain= to your domain
+3. Edit =configuration.nix= line 30: set your ACME email
+4. Copy your =hardware-configuration.nix= into the directory
+5. Rebuild:
+#+begin_src sh
+nixos-rebuild switch --flake /etc/nixos#nixos-matrix
+#+end_src
+
+* Create Admin Account
+
+#+begin_src sh
+sudo matrix-synapse-register_new_matrix_user
+#+end_src
+
+Prompts for: username, password, admin (y/n)
+
+* Verify
+
+#+begin_src sh
+systemctl status matrix-synapse postgresql nginx
+#+end_src
+
+Test federation: https://federationtester.matrix.org
+
+* Notes
+- Registration disabled by default (=enable_registration = false=)
+- SSL via Let's Encrypt (automatic)
+- PostgreSQL configured automatically
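Review bot: In matrix.nix, the closing `networking.firewall.allowedTCPPorts = [8448];` opens a port nothing in this file listens on, while the ports nginx actually serves are left closed. Synapse binds only `127.0.0.1:8008`, both virtual hosts use `forceSSL` (ports 80 and 443), and the `.well-known` server record delegates federation to `${matrixDomain}:443`. With the NixOS firewall on by default, the ACME challenge (HTTP-01 in the default `enableACME` setup) and all client and federation traffic would be blocked unless 80 and 443 are opened somewhere not shown in this patch, for example in `hardware-configuration.nix`. I would change the line to `networking.firewall.allowedTCPPorts = [80 443];` and drop 8448, which also keeps the exposed surface to what is in use.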