mirror of
https://git.feal.no/felixalb/nixos-config.git
synced 2024-12-22 04:07:28 +01:00
Add workers with matrix-synapse-next, various fixes and updates
This commit is contained in:
parent
687ce3604a
commit
1ec9c08e22
34
flake.lock
generated
34
flake.lock
generated
@ -21,6 +21,24 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"matrix-synapse-next": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690488646,
|
||||
"narHash": "sha256-yuceqT8Ev1sdwYvGYHegdTo0yrdRxVYJ2qXSbPtBgTw=",
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "bf997073d98670528c6230144e208a37d27fc388",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -58,6 +76,21 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1673743903,
|
||||
"narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "7555e2dfcbac1533f047021f1744ac8871150f9f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1691874659,
|
||||
@ -77,6 +110,7 @@
|
||||
"root": {
|
||||
"inputs": {
|
||||
"home-manager": "home-manager",
|
||||
"matrix-synapse-next": "matrix-synapse-next",
|
||||
"nix-darwin": "nix-darwin",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"sops-nix": "sops-nix",
|
||||
|
13
flake.nix
13
flake.nix
@ -11,11 +11,21 @@
|
||||
home-manager.url = "github:nix-community/home-manager/release-23.05";
|
||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
|
||||
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, unstable, home-manager, nix-darwin, sops-nix, ... }@inputs:
|
||||
outputs = {
|
||||
self
|
||||
, nixpkgs
|
||||
, unstable
|
||||
, nix-darwin
|
||||
, home-manager
|
||||
, matrix-synapse-next
|
||||
, sops-nix
|
||||
, ... }@inputs:
|
||||
let
|
||||
overlay-unstable = final: prev: {
|
||||
unstable = unstable.legacyPackages.${prev.system};
|
||||
@ -34,6 +44,7 @@
|
||||
|
||||
./hosts/voyager/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
matrix-synapse-next.nixosModules.synapse
|
||||
];
|
||||
};
|
||||
chapel = nixpkgs.lib.nixosSystem {
|
||||
|
@ -25,6 +25,7 @@
|
||||
./services/hedgedoc.nix
|
||||
./services/vaultwarden.nix
|
||||
./services/calibre.nix
|
||||
./services/fancontrol.nix
|
||||
# ./services/code-server.nix
|
||||
|
||||
];
|
||||
|
@ -1,5 +1,4 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "books.home.feal.no";
|
||||
storage = "/tank/media/books";
|
||||
|
63
hosts/voyager/services/fancontrol.nix
Normal file
63
hosts/voyager/services/fancontrol.nix
Normal file
@ -0,0 +1,63 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
systemd.timers."fancontrol" = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar="*:0/3";
|
||||
Unit = "fancontrol.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."fancontrol" = {
|
||||
environment = {
|
||||
TEMP_MIN_FALLING = "50";
|
||||
TEMP_MAX_RISING = "56";
|
||||
TEMP_CRIT = "70";
|
||||
|
||||
LOW_FAN_SPEED = "0x10";
|
||||
};
|
||||
|
||||
script = ''
|
||||
SET_FAN_MANUAL="0x30 0x30 0x01 0x00" # Enable manual control
|
||||
SET_FAN_AUTO="0x30 0x30 0x01 0x01" # Disable manual control
|
||||
|
||||
SET_FAN_LOW="0x30 0x30 0x02 0xff $LOW_FAN_SPEED"
|
||||
SET_FAN_MAX="0x30 0x30 0x02 0xff 0x64" # force 100%
|
||||
|
||||
|
||||
# Get all temperatures readings starting with "Temp ", find all two digit numbers followed by spaces, find the largest one, trim the trailing space
|
||||
maxcoretemp=$(${pkgs.ipmitool}/bin/ipmitool sdr type temperature | grep '^Temp ' | grep -Po '\d{2} ' | sort -nr | head -n1 | xargs)
|
||||
|
||||
# Verify that we read a valid number
|
||||
ISNUMBER='^[0-9]+$'
|
||||
if ! [[ $maxcoretemp =~ $ISNUMBER ]] ; then
|
||||
echo "Error: could not read temperature" >&2
|
||||
exit 2
|
||||
fi
|
||||
|
||||
echo "Highest measured CPU temperature: '$maxcoretemp'"
|
||||
|
||||
if [ "$maxcoretemp" -gt "$TEMP_CRIT" ]; then
|
||||
echo "TOO HOT, CRITICAL CPU TEMP"
|
||||
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
|
||||
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MAX
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$maxcoretemp" -gt "$TEMP_MAX_RISING" ]; then
|
||||
echo "TOO HOT, switching to IDRAC fan controL"
|
||||
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ "$maxcoretemp" -lt "$TEMP_MIN_FALLING" ]; then
|
||||
echo "Sufficiently cooled, stepping down fans"
|
||||
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
|
||||
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_LOW
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Temperature is between limits, doing nothing..."
|
||||
'';
|
||||
};
|
||||
}
|
@ -3,7 +3,7 @@ let
|
||||
cfg = config.services.gitea;
|
||||
domain = "git.feal.no";
|
||||
httpPort = 3004;
|
||||
/* sshPort = 2222; */
|
||||
sshPort = 2222;
|
||||
in {
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
@ -17,7 +17,7 @@ in {
|
||||
server = {
|
||||
LANDING_PAGE=''"/felixalb"'';
|
||||
HTTP_PORT = httpPort;
|
||||
/* SSH_PORT = sshPort; */
|
||||
SSH_PORT = sshPort;
|
||||
SSH_DOMAIN = "voyager.home.feal.no";
|
||||
DOMAIN = domain;
|
||||
ROOT_URL = "https://${domain}";
|
||||
@ -51,6 +51,5 @@ in {
|
||||
# - configure mailer
|
||||
};
|
||||
|
||||
/* networking.firewall.allowedTCPPorts = [ httpPort sshPort ]; */
|
||||
networking.firewall.allowedTCPPorts = [ httpPort ];
|
||||
networking.firewall.allowedTCPPorts = [ httpPort sshPort ];
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
main_ip = "127.0.1.2";
|
||||
in
|
||||
@ -9,9 +9,19 @@ in
|
||||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
services.matrix-synapse = {
|
||||
services.matrix-synapse-next = {
|
||||
enable = true;
|
||||
package = pkgs.matrix-synapse;
|
||||
enableNginx = true;
|
||||
|
||||
workers = {
|
||||
federationSenders = 1;
|
||||
federationReceivers = 2;
|
||||
initialSyncers = 1;
|
||||
normalSyncers = 1;
|
||||
eventPersisters = 1;
|
||||
useUserDirectoryWorker = true;
|
||||
};
|
||||
|
||||
|
||||
extraConfigFiles = [
|
||||
config.sops.secrets."matrix/synapse/registrationsecret".path
|
||||
@ -63,42 +73,50 @@ in
|
||||
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
||||
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
||||
|
||||
listeners = [
|
||||
{ port = 8008;
|
||||
bind_addresses = [ main_ip ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{ names = [ "client" ]; compress = true; }
|
||||
{ names = [ "federation" ]; compress = true; }
|
||||
];
|
||||
}
|
||||
];
|
||||
/* listeners = [ */
|
||||
/* { port = 8008; */
|
||||
/* bind_addresses = [ main_ip ]; */
|
||||
/* type = "http"; */
|
||||
/* tls = false; */
|
||||
/* x_forwarded = true; */
|
||||
/* resources = [ */
|
||||
/* { names = [ "client" ]; compress = true; } */
|
||||
/* { names = [ "federation" ]; compress = true; } */
|
||||
/* ]; */
|
||||
/* } */
|
||||
/* ]; */
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.servers."".enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
enableReload = true;
|
||||
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
virtualHosts."matrix.feal.no" = {
|
||||
locations."/_matrix" = {
|
||||
proxyPass = "http://${main_ip}:8008";
|
||||
extraConfig = ''
|
||||
client_max_body_size 50M;
|
||||
'';
|
||||
};
|
||||
# locations."/_synapse/client".proxyPass = "http://${main_ip}:8008";
|
||||
locations."/" = {
|
||||
proxyPass = "http://${main_ip}:8008";
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."matrix.feal.no" = {
|
||||
enableACME = lib.mkForce false;
|
||||
forceSSL = lib.mkForce false;
|
||||
/* sslCertificate = "/etc/ssl-snakeoil/matrix_feal_no.crt"; */
|
||||
/* sslKey = "/etc/ssl-snakeoil/matrix_feal_no.key"; */
|
||||
};
|
||||
|
||||
/* services.nginx = { */
|
||||
/* enable = true; */
|
||||
/* enableReload = true; */
|
||||
|
||||
/* recommendedOptimisation = true; */
|
||||
/* recommendedGzipSettings = true; */
|
||||
/* recommendedProxySettings = true; */
|
||||
|
||||
/* virtualHosts."matrix.feal.no" = { */
|
||||
/* locations."/_matrix" = { */
|
||||
/* proxyPass = "http://${main_ip}:8008"; */
|
||||
/* extraConfig = '' */
|
||||
/* client_max_body_size 50M; */
|
||||
/* ''; */
|
||||
/* }; */
|
||||
/* # locations."/_synapse/client".proxyPass = "http://${main_ip}:8008"; */
|
||||
/* locations."/" = { */
|
||||
/* proxyPass = "http://${main_ip}:8008"; */
|
||||
/* }; */
|
||||
/* }; */
|
||||
/* }; */
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user