move matrix to bicep
This commit is contained in:
@@ -4,9 +4,11 @@
|
||||
./hardware-configuration.nix
|
||||
|
||||
../../base.nix
|
||||
./services/nginx
|
||||
|
||||
./services/postgres.nix
|
||||
./services/jokum.nix
|
||||
|
||||
./services/matrix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/bicep/bicep.yaml;
|
||||
@@ -22,10 +24,10 @@
|
||||
|
||||
systemd.network.networks."30-enp6s0f0" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "enp6s0f0";
|
||||
address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
address = with values.hosts.bicep; [ (ipv4 + "/25") (ipv6 + "/64") ]
|
||||
++ (with values.services.turn; [ (ipv4 + "/25") (ipv6 + "/64") ]);
|
||||
};
|
||||
systemd.network.wait-online = {
|
||||
ignoredInterfaces = [ "enp6s0f1" ];
|
||||
anyInterface = true;
|
||||
};
|
||||
|
||||
|
||||
@@ -2,10 +2,14 @@
|
||||
|
||||
{
|
||||
sops.secrets."matrix/synapse/turnconfig" = {
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
key = "synapse/turnconfig";
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.users.matrix-synapse.group;
|
||||
};
|
||||
sops.secrets."matrix/coturn/static-auth-secret" = {
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
key = "coturn/static-auth-secret";
|
||||
owner = config.users.users.turnserver.name;
|
||||
group = config.users.users.turnserver.group;
|
||||
};
|
||||
@@ -114,7 +118,7 @@
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
interfaces.ens18 = let
|
||||
interfaces.enp6s0f0 = let
|
||||
range = with config.services.coturn; [ {
|
||||
from = min-port;
|
||||
to = max-port;
|
||||
@@ -7,6 +7,8 @@ in
|
||||
users.groups.keys-matrix-registrations = { };
|
||||
|
||||
sops.secrets."matrix/registrations/mx-puppet-discord" = {
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
key = "registrations/mx-puppet-discord";
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.groups.keys-matrix-registrations.name;
|
||||
};
|
||||
@@ -2,6 +2,8 @@
|
||||
|
||||
{
|
||||
sops.secrets."matrix/mjolnir/access_token" = {
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
key = "mjolnir/access_token";
|
||||
owner = config.users.users.mjolnir.name;
|
||||
group = config.users.users.mjolnir.group;
|
||||
};
|
||||
@@ -9,16 +9,22 @@ let
|
||||
listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));
|
||||
in {
|
||||
sops.secrets."matrix/synapse/dbconfig" = {
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
key = "synapse/dbconfig";
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.users.matrix-synapse.group;
|
||||
};
|
||||
|
||||
sops.secrets."matrix/synapse/signing_key" = {
|
||||
key = "synapse/signing_key";
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.users.matrix-synapse.group;
|
||||
};
|
||||
|
||||
sops.secrets."matrix/synapse/user_registration" = {
|
||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
||||
key = "synapse/signing_key";
|
||||
owner = config.users.users.matrix-synapse.name;
|
||||
group = config.users.users.matrix-synapse.group;
|
||||
};
|
||||
Reference in New Issue
Block a user