From 7ef99042fe0bb3823fa6f922dc7df040bc57248d Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Fri, 6 Dec 2024 05:45:32 +0300
Subject: [PATCH] Home: Add chat server.

---
 host/x86_64-linux/home/Bind.nix       |  1 +
 host/x86_64-linux/home/Chat.nix       | 54 +++++++++++++++++++++++++++
 host/x86_64-linux/home/Network.nix    |  4 ++
 host/x86_64-linux/home/nginx/Chat.nix | 17 +++++++++
 4 files changed, 76 insertions(+)
 create mode 100644 host/x86_64-linux/home/Chat.nix
 create mode 100644 host/x86_64-linux/home/nginx/Chat.nix

diff --git a/host/x86_64-linux/home/Bind.nix b/host/x86_64-linux/home/Bind.nix
index 7fd98ec..a86c7c5 100644
--- a/host/x86_64-linux/home/Bind.nix
+++ b/host/x86_64-linux/home/Bind.nix
@@ -17,6 +17,7 @@
 		(mkBind "jellyfin_cache" "/var/cache/jellyfin")
 		(mkBind "kavita"         "/var/lib/kavita")
 		(mkBind "letsencrypt"    "/etc/letsencrypt")
+		(mkBind "mattermost"     "/var/lib/mattermost")
 		(mkBind "nextcloud"      "/var/lib/nextcloud")
 		(mkBind "ovpn"           "/var/lib/ovpn")
 		(mkBind "paperless"      "/var/lib/paperless")
diff --git a/host/x86_64-linux/home/Chat.nix b/host/x86_64-linux/home/Chat.nix
new file mode 100644
index 0000000..ff2501d
--- /dev/null
+++ b/host/x86_64-linux/home/Chat.nix
@@ -0,0 +1,54 @@
+{
+	pkgs,
+	...
+}: {
+	services.mattermost = {
+		enable              = true;
+		listenAddress       = ":9609";
+		localDatabaseCreate = false;
+		mutableConfig       = false;
+		# package             = pkgs.mattermost;
+		siteName            = "Chat";
+		siteUrl             = "https://chat.voronind.com";
+		statePath           = "/var/lib/mattermost";
+		plugins = [
+			(pkgs.fetchurl rec {
+				hash    = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA=";
+				url     = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz";
+				version = "1.2.0";
+			})
+		];
+		extraConfig = {
+			SqlSettings = {
+				DataSource = "postgres:///mattermost?host=/run/postgresql";
+				DriverName = "postgres";
+			};
+		};
+	};
+
+	services.turn-rs = {
+		enable = true;
+		settings = {
+			auth = {
+				static_credentials = {
+					mattermost = "mattermost";
+				};
+			};
+			turn = {
+				interfaces = [
+					{
+						bind = "127.0.0.1:3478";
+						external = "127.0.0.1:3478";
+						transport = "udp";
+					}
+					{
+						bind = "127.0.0.1:3478";
+						external = "127.0.0.1:3478";
+						transport = "tcp";
+					}
+				];
+				realm = "localhost";
+			};
+		};
+	};
+}
diff --git a/host/x86_64-linux/home/Network.nix b/host/x86_64-linux/home/Network.nix
index 055780f..3892f01 100644
--- a/host/x86_64-linux/home/Network.nix
+++ b/host/x86_64-linux/home/Network.nix
@@ -193,6 +193,10 @@ in {
 				# Terraria server.
 				ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22777
 
+				# TURN server.
+				ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 3478
+				ip46tables -I INPUT -j ACCEPT -i ${wan} -p udp --dport 3478
+
 				# Public SSH access.
 				# ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 22143
 			'';
diff --git a/host/x86_64-linux/home/nginx/Chat.nix b/host/x86_64-linux/home/nginx/Chat.nix
new file mode 100644
index 0000000..f5ad31b
--- /dev/null
+++ b/host/x86_64-linux/home/nginx/Chat.nix
@@ -0,0 +1,17 @@
+{
+	util,
+	...
+}: {
+	"chat.voronind.com".extraConfig = util.trimTabs ''
+		listen 443 ssl;
+
+		location / {
+			proxy_pass http://127.0.0.1:9609$request_uri;
+		}
+
+		ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
+		ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
+		include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+		ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+	'';
+}