felixalb/nixos-config
felixalb
/
nixos-config
mirror of https://git.feal.no/felixalb/nixos-config.git
2
2
Fork 0
Code Issues Activity

Add workers with matrix-synapse-next, various fixes and updates

This commit is contained in:
Felix Albrigtsen 2023-08-14 08:37:20 +02:00
parent 687ce3604a
commit 1ec9c08e22
7 changed files with 166 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
flake.lock
View File

@ -21,6 +21,24 @@
"type": "github"
}
},
"matrix-synapse-next": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1690488646,
"narHash": "sha256-yuceqT8Ev1sdwYvGYHegdTo0yrdRxVYJ2qXSbPtBgTw=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "bf997073d98670528c6230144e208a37d27fc388",
"type": "github"
},
"original": {
"owner": "dali99",
"repo": "nixos-matrix-modules",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
@ -58,6 +76,21 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1673743903,
"narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "7555e2dfcbac1533f047021f1744ac8871150f9f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1691874659,
@ -77,6 +110,7 @@
"root": {
"inputs": {
"home-manager": "home-manager",
"matrix-synapse-next": "matrix-synapse-next",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix",

13
flake.nix
View File

@ -11,11 +11,21 @@
home-manager.url = "github:nix-community/home-manager/release-23.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, unstable, home-manager, nix-darwin, sops-nix, ... }@inputs:
outputs = {
self
, nixpkgs
, unstable
, nix-darwin
, home-manager
, matrix-synapse-next
, sops-nix
, ... }@inputs:
let
overlay-unstable = final: prev: {
unstable = unstable.legacyPackages.${prev.system};
@ -34,6 +44,7 @@
./hosts/voyager/configuration.nix
sops-nix.nixosModules.sops
matrix-synapse-next.nixosModules.synapse
];
};
chapel = nixpkgs.lib.nixosSystem {

1
hosts/voyager/configuration.nix
View File

@ -25,6 +25,7 @@
./services/hedgedoc.nix
./services/vaultwarden.nix
./services/calibre.nix
./services/fancontrol.nix
# ./services/code-server.nix
];

1
hosts/voyager/services/calibre.nix
View File

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
let
domain = "books.home.feal.no";
storage = "/tank/media/books";

63
hosts/voyager/services/fancontrol.nix Normal file
View File

@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
{
systemd.timers."fancontrol" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar="*:0/3";
Unit = "fancontrol.service";
};
};
systemd.services."fancontrol" = {
environment = {
TEMP_MIN_FALLING = "50";
TEMP_MAX_RISING = "56";
TEMP_CRIT = "70";
LOW_FAN_SPEED = "0x10";
};
script = ''
SET_FAN_MANUAL="0x30 0x30 0x01 0x00" # Enable manual control
SET_FAN_AUTO="0x30 0x30 0x01 0x01" # Disable manual control
SET_FAN_LOW="0x30 0x30 0x02 0xff $LOW_FAN_SPEED"
SET_FAN_MAX="0x30 0x30 0x02 0xff 0x64" # force 100%
# Get all temperatures readings starting with "Temp ", find all two digit numbers followed by spaces, find the largest one, trim the trailing space
maxcoretemp=$(${pkgs.ipmitool}/bin/ipmitool sdr type temperature | grep '^Temp ' | grep -Po '\d{2} ' | sort -nr | head -n1 | xargs)
# Verify that we read a valid number
ISNUMBER='^[0-9]+$'
if ! [[ $maxcoretemp =~ $ISNUMBER ]] ; then
echo "Error: could not read temperature" >&2
exit 2
fi
echo "Highest measured CPU temperature: '$maxcoretemp'"
if [ "$maxcoretemp" -gt "$TEMP_CRIT" ]; then
echo "TOO HOT, CRITICAL CPU TEMP"
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MAX
exit 1
fi
if [ "$maxcoretemp" -gt "$TEMP_MAX_RISING" ]; then
echo "TOO HOT, switching to IDRAC fan controL"
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO
exit 0
fi
if [ "$maxcoretemp" -lt "$TEMP_MIN_FALLING" ]; then
echo "Sufficiently cooled, stepping down fans"
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_LOW
exit 0
fi
echo "Temperature is between limits, doing nothing..."
'';
};
}

7
hosts/voyager/services/gitea.nix
View File

@ -3,7 +3,7 @@ let
cfg = config.services.gitea;
domain = "git.feal.no";
httpPort = 3004;
/* sshPort = 2222; */
sshPort = 2222;
in {
services.gitea = {
enable = true;
@ -17,7 +17,7 @@ in {
server = {
LANDING_PAGE=''"/felixalb"'';
HTTP_PORT = httpPort;
/* SSH_PORT = sshPort; */
SSH_PORT = sshPort;
SSH_DOMAIN = "voyager.home.feal.no";
DOMAIN = domain;
ROOT_URL = "https://${domain}";
@ -51,6 +51,5 @@ in {
# - configure mailer
};
/* networking.firewall.allowedTCPPorts = [ httpPort sshPort ]; */
networking.firewall.allowedTCPPorts = [ httpPort ];
networking.firewall.allowedTCPPorts = [ httpPort sshPort ];
}

88
hosts/voyager/services/matrix/synapse.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
main_ip = "127.0.1.2";
in
@ -9,9 +9,19 @@ in
group = "matrix-synapse";
};
services.matrix-synapse = {
services.matrix-synapse-next = {
enable = true;
package = pkgs.matrix-synapse;
enableNginx = true;
workers = {
federationSenders = 1;
federationReceivers = 2;
initialSyncers = 1;
normalSyncers = 1;
eventPersisters = 1;
useUserDirectoryWorker = true;
};
extraConfigFiles = [
config.sops.secrets."matrix/synapse/registrationsecret".path
@ -63,42 +73,50 @@ in
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
listeners = [
{ port = 8008;
bind_addresses = [ main_ip ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = [ "client" ]; compress = true; }
{ names = [ "federation" ]; compress = true; }
];
}
];
/* listeners = [ */
/* { port = 8008; */
/* bind_addresses = [ main_ip ]; */
/* type = "http"; */
/* tls = false; */
/* x_forwarded = true; */
/* resources = [ */
/* { names = [ "client" ]; compress = true; } */
/* { names = [ "federation" ]; compress = true; } */
/* ]; */
/* } */
/* ]; */
};
};
services.redis.servers."".enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
enableReload = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."matrix.feal.no" = {
locations."/_matrix" = {
proxyPass = "http://${main_ip}:8008";
extraConfig = ''
client_max_body_size 50M;
'';
};
# locations."/_synapse/client".proxyPass = "http://${main_ip}:8008";
locations."/" = {
proxyPass = "http://${main_ip}:8008";
};
};
services.nginx.virtualHosts."matrix.feal.no" = {
enableACME = lib.mkForce false;
forceSSL = lib.mkForce false;
/* sslCertificate = "/etc/ssl-snakeoil/matrix_feal_no.crt"; */
/* sslKey = "/etc/ssl-snakeoil/matrix_feal_no.key"; */
};
/* services.nginx = { */
/* enable = true; */
/* enableReload = true; */
/* recommendedOptimisation = true; */
/* recommendedGzipSettings = true; */
/* recommendedProxySettings = true; */
/* virtualHosts."matrix.feal.no" = { */
/* locations."/_matrix" = { */
/* proxyPass = "http://${main_ip}:8008"; */
/* extraConfig = '' */
/* client_max_body_size 50M; */
/* ''; */
/* }; */
/* # locations."/_synapse/client".proxyPass = "http://${main_ip}:8008"; */
/* locations."/" = { */
/* proxyPass = "http://${main_ip}:8008"; */
/* }; */
/* }; */
/* }; */
}