Switch schildichat to element
Schildichat is vulnerable to CVE-2023-37259, element is a drop-in
replacement so long as we set the correct config options
Change-Id: I32952b00014730c85b90221a2f5812e9f949a842
Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/191
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>
diff --git a/modules/common/nginx-routes.nix b/modules/common/nginx-routes.nix
index f61f3cc..589de9c 100644
--- a/modules/common/nginx-routes.nix
+++ b/modules/common/nginx-routes.nix
@@ -43,7 +43,7 @@
"reading.thecoded.prof"
] (ReverseProxy "generic:1032"))
(Hosts ["matrix.clicks.codes" "matrix.coded.codes"] (Directory "${builtins.toString
- (pkgs.schildichat-web.override {
+ (pkgs.element-web.override {
conf = {
default_server_config =
lib.pipe ./nginx/clicks.codes/.well-known/matrix [
@@ -59,10 +59,17 @@
feature_custom_themes = true;
feature_dehydration = true;
};
- setting_defaults = { "fallbackICEServerAllowed" = true; };
+ setting_defaults = {
+ "fallbackICEServerAllowed" = true;
+ "UIFeature.passwordReset" = false;
+ "UIFeature.deactivate" = false;
+ };
+ show_labs_settings = true;
default_theme = "dark";
disable_guests = true;
disable_3pid_login = true;
+ logout_redirect_url = "https://login.clicks.codes/realms/master/protocol/openid-connect/logout?client_id=matrix";
+ sso_redirect_options.immediate = true;
};
})}"))
(Host "api.clicks.codes"