From 1ec9c08e223fda6529d07feece9f1bec6b8adc2b Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Mon, 14 Aug 2023 08:37:20 +0200 Subject: [PATCH] Add workers with matrix-synapse-next, various fixes and updates --- flake.lock | 34 +++++++++ flake.nix | 13 +++- hosts/voyager/configuration.nix | 1 + hosts/voyager/services/calibre.nix | 1 - hosts/voyager/services/fancontrol.nix | 63 ++++++++++++++++ hosts/voyager/services/gitea.nix | 7 +- hosts/voyager/services/matrix/synapse.nix | 88 ++++++++++++++--------- 7 files changed, 166 insertions(+), 41 deletions(-) create mode 100644 hosts/voyager/services/fancontrol.nix diff --git a/flake.lock b/flake.lock index 75cf5da..f24d189 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,24 @@ "type": "github" } }, + "matrix-synapse-next": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1690488646, + "narHash": "sha256-yuceqT8Ev1sdwYvGYHegdTo0yrdRxVYJ2qXSbPtBgTw=", + "owner": "dali99", + "repo": "nixos-matrix-modules", + "rev": "bf997073d98670528c6230144e208a37d27fc388", + "type": "github" + }, + "original": { + "owner": "dali99", + "repo": "nixos-matrix-modules", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -58,6 +76,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1673743903, + "narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "7555e2dfcbac1533f047021f1744ac8871150f9f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-stable": { "locked": { "lastModified": 1691874659, @@ -77,6 +110,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "matrix-synapse-next": "matrix-synapse-next", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix", diff --git a/flake.nix b/flake.nix index f282c03..6235a8a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -11,11 +11,21 @@ home-manager.url = "github:nix-community/home-manager/release-23.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + matrix-synapse-next.url = "github:dali99/nixos-matrix-modules"; + sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, nixpkgs, unstable, home-manager, nix-darwin, sops-nix, ... }@inputs: + outputs = { + self + , nixpkgs + , unstable + , nix-darwin + , home-manager + , matrix-synapse-next + , sops-nix + , ... }@inputs: let overlay-unstable = final: prev: { unstable = unstable.legacyPackages.${prev.system}; @@ -34,6 +44,7 @@ ./hosts/voyager/configuration.nix sops-nix.nixosModules.sops + matrix-synapse-next.nixosModules.synapse ]; }; chapel = nixpkgs.lib.nixosSystem { diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix index e52787d..3f77163 100644 --- a/hosts/voyager/configuration.nix +++ b/hosts/voyager/configuration.nix @@ -25,6 +25,7 @@ ./services/hedgedoc.nix ./services/vaultwarden.nix ./services/calibre.nix + ./services/fancontrol.nix # ./services/code-server.nix ]; diff --git a/hosts/voyager/services/calibre.nix b/hosts/voyager/services/calibre.nix index 0563942..8af24b0 100644 --- a/hosts/voyager/services/calibre.nix +++ b/hosts/voyager/services/calibre.nix @@ -1,5 +1,4 @@ { config, lib, pkgs, ... }: - let domain = "books.home.feal.no"; storage = "/tank/media/books"; diff --git a/hosts/voyager/services/fancontrol.nix b/hosts/voyager/services/fancontrol.nix new file mode 100644 index 0000000..3728b2d --- /dev/null +++ b/hosts/voyager/services/fancontrol.nix 
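Review bot: The new input `matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";` in the first flake.nix hunk carries no ref, so it follows the default branch of a third-party repository. The second hunk imports its `nixosModules.synapse` into voyager's system configuration, so whatever that branch holds at the next `nix flake update` is evaluated as part of the host's config. flake.lock pins the revision for now, but the URL itself does not say which revision was reviewed. Consider naming it in the URL, e.g. `matrix-synapse-next.url = "github:dali99/nixos-matrix-modules/bf997073d98670528c6230144e208a37d27fc388";` (or a release tag if upstream publishes one), and reading the upstream diff before each bump.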
@@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: +{ + systemd.timers."fancontrol" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar="*:0/3"; + Unit = "fancontrol.service"; + }; + }; + + systemd.services."fancontrol" = { + environment = { + TEMP_MIN_FALLING = "50"; + TEMP_MAX_RISING = "56"; + TEMP_CRIT = "70"; + + LOW_FAN_SPEED = "0x10"; + }; + + script = '' + SET_FAN_MANUAL="0x30 0x30 0x01 0x00" # Enable manual control + SET_FAN_AUTO="0x30 0x30 0x01 0x01" # Disable manual control + + SET_FAN_LOW="0x30 0x30 0x02 0xff $LOW_FAN_SPEED" + SET_FAN_MAX="0x30 0x30 0x02 0xff 0x64" # force 100% + + + # Get all temperatures readings starting with "Temp ", find all two digit numbers followed by spaces, find the largest one, trim the trailing space + maxcoretemp=$(${pkgs.ipmitool}/bin/ipmitool sdr type temperature | grep '^Temp ' | grep -Po '\d{2} ' | sort -nr | head -n1 | xargs) + + # Verify that we read a valid number + ISNUMBER='^[0-9]+$' + if ! [[ $maxcoretemp =~ $ISNUMBER ]] ; then + echo "Error: could not read temperature" >&2 + exit 2 + fi + + echo "Highest measured CPU temperature: '$maxcoretemp'" + + if [ "$maxcoretemp" -gt "$TEMP_CRIT" ]; then + echo "TOO HOT, CRITICAL CPU TEMP" + ${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL + ${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MAX + exit 1 + fi + + if [ "$maxcoretemp" -gt "$TEMP_MAX_RISING" ]; then + echo "TOO HOT, switching to IDRAC fan controL" + ${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO + exit 0 + fi + + if [ "$maxcoretemp" -lt "$TEMP_MIN_FALLING" ]; then + echo "Sufficiently cooled, stepping down fans" + ${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL + ${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_LOW + exit 0 + fi + + echo "Temperature is between limits, doing nothing..." + ''; + }; +} diff --git a/hosts/voyager/services/gitea.nix b/hosts/voyager/services/gitea.nix index 1385815..bf72105 100644 --- a/hosts/voyager/services/gitea.nix +++ b/hosts/voyager/services/gitea.nix 
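Review bot: The failure path in `script` leaves the fans wherever the previous run put them: when the temperature cannot be parsed, the unit prints an error and runs `exit 2` without returning control to the iDRAC. A host that was already stepped down to `LOW_FAN_SPEED` therefore stays in manual low speed for as long as ipmitool keeps failing. Hand control back before bailing out, e.g. `${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO || true` ahead of the `exit 2`. The parser is also fragile at the hot end: `grep -Po '\d{2} '` takes any two digits followed by a space, so a three-digit reading would be cut to its last two digits and could compare as a cool value. Matching the number directly before ` degrees` would be more robust, assuming that is what ipmitool prints on this machine.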
@@ -3,7 +3,7 @@ let cfg = config.services.gitea; domain = "git.feal.no"; httpPort = 3004; - /* sshPort = 2222; */ + sshPort = 2222; in { services.gitea = { enable = true; @@ -17,7 +17,7 @@ in { server = { LANDING_PAGE=''"/felixalb"''; HTTP_PORT = httpPort; - /* SSH_PORT = sshPort; */ + SSH_PORT = sshPort; SSH_DOMAIN = "voyager.home.feal.no"; DOMAIN = domain; ROOT_URL = "https://${domain}"; @@ -51,6 +51,5 @@ in { # - configure mailer }; - /* networking.firewall.allowedTCPPorts = [ httpPort sshPort ]; */ - networking.firewall.allowedTCPPorts = [ httpPort ]; + networking.firewall.allowedTCPPorts = [ httpPort sshPort ]; } diff --git a/hosts/voyager/services/matrix/synapse.nix b/hosts/voyager/services/matrix/synapse.nix index fe098f5..3dc9a54 100644 --- a/hosts/voyager/services/matrix/synapse.nix +++ b/hosts/voyager/services/matrix/synapse.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: let main_ip = "127.0.1.2"; in @@ -9,9 +9,19 @@ in group = "matrix-synapse"; }; - services.matrix-synapse = { + services.matrix-synapse-next = { enable = true; - package = pkgs.matrix-synapse; + enableNginx = true; + + workers = { + federationSenders = 1; + federationReceivers = 2; + initialSyncers = 1; + normalSyncers = 1; + eventPersisters = 1; + useUserDirectoryWorker = true; + }; + extraConfigFiles = [ config.sops.secrets."matrix/synapse/registrationsecret".path 
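Review bot: The last gitea.nix hunk opens `sshPort` (2222) in `networking.firewall.allowedTCPPorts`, but nothing visible in these hunks makes anything listen there; `SSH_PORT` in the second hunk only sets the port Gitea advertises in clone URLs. If the intent is Gitea's built-in SSH server, the `server` section also needs `START_SSH_SERVER = true;` and `SSH_LISTEN_PORT = sshPort;`, unless they are set in lines outside the hunks or the system sshd is configured for 2222 elsewhere. Otherwise the port is open for whatever binds to it later. The same list still exposes `httpPort` directly although `ROOT_URL` is https, which deserves a comment if it is deliberate, e.g. `# httpPort is reached by the reverse proxy on another host`.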
@@ -63,42 +73,50 @@ in tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt"; tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key"; - listeners = [ - { port = 8008; - bind_addresses = [ main_ip ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { names = [ "client" ]; compress = true; } - { names = [ "federation" ]; compress = true; } - ]; - } - ]; + /* listeners = [ */ + /* { port = 8008; */ + /* bind_addresses = [ main_ip ]; */ + /* type = "http"; */ + /* tls = false; */ + /* x_forwarded = true; */ + /* resources = [ */ + /* { names = [ "client" ]; compress = true; } */ + /* { names = [ "federation" ]; compress = true; } */ + /* ]; */ + /* } */ + /* ]; */ }; }; + services.redis.servers."".enable = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx = { - enable = true; - enableReload = true; - - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - - virtualHosts."matrix.feal.no" = { - locations."/_matrix" = { - proxyPass = "http://${main_ip}:8008"; - extraConfig = '' - client_max_body_size 50M; - ''; - }; - # locations."/_synapse/client".proxyPass = "http://${main_ip}:8008"; - locations."/" = { - proxyPass = "http://${main_ip}:8008"; - }; - }; + services.nginx.virtualHosts."matrix.feal.no" = { + enableACME = lib.mkForce false; + forceSSL = lib.mkForce false; + /* sslCertificate = "/etc/ssl-snakeoil/matrix_feal_no.crt"; */ + /* sslKey = "/etc/ssl-snakeoil/matrix_feal_no.key"; */ }; + + /* services.nginx = { */ + /* enable = true; */ + /* enableReload = true; */ + + /* recommendedOptimisation = true; */ + /* recommendedGzipSettings = true; */ + /* recommendedProxySettings = true; */ + + /* virtualHosts."matrix.feal.no" = { */ + /* locations."/_matrix" = { */ + /* proxyPass = "http://${main_ip}:8008"; */ + /* extraConfig = '' */ + /* client_max_body_size 50M; */ + /* ''; */ + /* }; */ + /* # locations."/_synapse/client".proxyPass = 
"http://${main_ip}:8008"; */ + /* locations."/" = { */ + /* proxyPass = "http://${main_ip}:8008"; */ + /* }; */ + /* }; */ + /* }; */ }
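Review bot: The replacement vhost block sets `enableACME = lib.mkForce false;` and `forceSSL = lib.mkForce false;` with both certificate lines commented out, while the firewall line kept as context still opens 80 and 443. As far as this hunk shows, matrix.feal.no is served by this nginx over plain HTTP only. That is acceptable only if TLS is terminated by a proxy in front of voyager and the hop between them is trusted; otherwise access tokens and message traffic cross the network unencrypted. Record the arrangement in a comment above the block, e.g. `# TLS is terminated upstream at <PROXY_HOST>; this vhost is only reachable from it`, and drop 443 from `allowedTCPPorts` if nothing listens on it. The commented-out `listeners` and `services.nginx` blocks are better deleted than kept, since the history already holds them.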