mirror of
https://git.feal.no/felixalb/nixos-config.git
synced 2024-12-22 04:07:28 +01:00
defiant: Configure matrix-synapse. Remove janeway.
This commit is contained in:
parent
c8316cfc70
commit
a22084db75
15
.sops.yaml
15
.sops.yaml
@ -3,7 +3,7 @@ keys:
|
||||
- &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
||||
- &host_sarek age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk
|
||||
- &host_janeway age1sjk38fy5dk2nn0q0rmxuvr9uw3ttgz7mq4632f8jllzqryft0y3s46j65k
|
||||
- &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
|
||||
|
||||
creation_rules:
|
||||
# Global secrets
|
||||
@ -21,16 +21,15 @@ creation_rules:
|
||||
- *user_felixalb_old
|
||||
- *user_felixalb
|
||||
|
||||
- path_regex: secrets/defiant/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_defiant
|
||||
- *user_felixalb
|
||||
|
||||
- path_regex: secrets/sarek/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_sarek
|
||||
- *user_felixalb_old
|
||||
- *user_felixalb
|
||||
|
||||
- path_regex: secrets/janeway/[^/]+\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *host_janeway
|
||||
- *user_felixalb_old
|
||||
- *user_felixalb
|
||||
|
15
flake.nix
15
flake.nix
@ -66,6 +66,7 @@
|
||||
|
||||
./hosts/defiant/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
matrix-synapse-next.nixosModules.default
|
||||
home-manager.nixosModules.home-manager {
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
@ -109,20 +110,6 @@
|
||||
}
|
||||
];
|
||||
};
|
||||
janeway = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
modules = [
|
||||
# Overlays-module makes "pkgs.unstable" available in configuration.nix
|
||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||
|
||||
./hosts/janeway/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
matrix-synapse-next.nixosModules.default
|
||||
];
|
||||
};
|
||||
redshirt = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
|
@ -6,6 +6,10 @@
|
||||
../../base.nix
|
||||
../../common/metrics-exporters.nix
|
||||
./hardware-configuration.nix
|
||||
|
||||
./services/postgresql.nix
|
||||
./services/nginx.nix
|
||||
./services/matrix-synapse.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
@ -13,13 +17,13 @@
|
||||
defaultGateway = "192.168.10.1";
|
||||
interfaces.enp3s0.ipv4 = {
|
||||
addresses = [
|
||||
{ address = "192.168.10.175"; prefixLength = 24; }
|
||||
{ address = "192.168.10.175"; prefixLength = 24; } # Main IP for defiant, internal
|
||||
];
|
||||
};
|
||||
hostId = "8e84f235";
|
||||
};
|
||||
|
||||
# sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
|
||||
sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
|
||||
|
||||
environment.variables = { EDITOR = "vim"; };
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -73,11 +73,12 @@
|
||||
};
|
||||
|
||||
services.redis.servers."".enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx.virtualHosts."matrix.feal.no" = {
|
||||
enableACME = lib.mkForce false;
|
||||
forceSSL = lib.mkForce false;
|
||||
listen = [
|
||||
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
|
||||
];
|
||||
};
|
||||
|
||||
}
|
30
hosts/defiant/services/nginx.nix
Normal file
30
hosts/defiant/services/nginx.nix
Normal file
@ -0,0 +1,30 @@
|
||||
{ config, values, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
enableReload = true;
|
||||
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
|
||||
defaultListen = [
|
||||
{
|
||||
addr = "192.168.10.175";
|
||||
port = "80";
|
||||
ssl = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80 443 # Internal / Default
|
||||
43080 43443 # External / Publicly exposed
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "felix@albrigtsen.it";
|
||||
};
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
||||
../../base.nix
|
||||
../../common/metrics-exporters.nix
|
||||
|
||||
./services/nginx.nix
|
||||
./services/postgresql.nix
|
||||
./services/matrix-synapse.nix
|
||||
];
|
||||
|
||||
# Boot and console is handled by proxmoxLXC.
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false; # Enabled in base.nix, forced off here.
|
||||
|
||||
# Override proxmox networking
|
||||
proxmoxLXC.manageNetwork = true;
|
||||
networking = {
|
||||
hostName = "janeway";
|
||||
defaultGateway = "192.168.10.1";
|
||||
interfaces."eth0".ipv4 = {
|
||||
addresses = [
|
||||
{ address = "192.168.10.183"; prefixLength = 24; }
|
||||
];
|
||||
};
|
||||
hostId = "bed956ff";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
bottom
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/janeway/janeway.yaml;
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
@ -1,33 +0,0 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.mx-puppet-discord = {
|
||||
enable = true;
|
||||
|
||||
serviceDependencies = [
|
||||
"matrix-synapse.service"
|
||||
"postgresql.service"
|
||||
];
|
||||
|
||||
settings = {
|
||||
bridge = {
|
||||
bindAddress = "localhost";
|
||||
domain = "feal.no";
|
||||
homeserverUrl = "https://matrix.feal.no";
|
||||
# homeserverUrl = "http://127.0.1.2:8008";
|
||||
|
||||
port = 8434;
|
||||
enableGroupSync = true;
|
||||
};
|
||||
|
||||
database.connString = "postgresql://mx-puppet-discord@localhost/mx-puppet-discord?sslmode=disable";
|
||||
|
||||
provisioning.whitelist = [ "@felixalb:feal\\.no" ];
|
||||
relay.whitelist = [ ".*" ];
|
||||
selfService.whitelist = [ "@felixalb:feal\\.no" ];
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
services.matrix-synapse.settings.app_service_config_files = [ /var/lib/mx-puppet-discord/discord-registration.yaml ];
|
||||
}
|
@ -1,19 +0,0 @@
|
||||
{ config, values, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
enableReload = true;
|
||||
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
/* security.acme = { */
|
||||
/* acceptTerms = true; */
|
||||
/* email = "felix@albrigtsen.it"; */
|
||||
/* }; */
|
||||
}
|
32
secrets/defiant/defiant.yaml
Normal file
32
secrets/defiant/defiant.yaml
Normal file
@ -0,0 +1,32 @@
|
||||
matrix:
|
||||
synapse:
|
||||
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQXEzMHQzaTU2YW85Yjhh
|
||||
eDZ1eG15UytULzhYaTBZemlRak5USmVrMlhRCmtOUmNqYS9xa0VHU2J1V0E0NjN0
|
||||
ZDRhek9xNXJNY0FhZUJCVjJpYW1ZNHcKLS0tIER3OFlyV2Q3b2l0RkkzVkZMaHdt
|
||||
MHI3WEV0RnZvWGw5a3BIV21kMlJxdU0Kpa1mjuwYoyk8Qfsst1k/pGGONYQf/sdZ
|
||||
kfTZV2btleBISsP5aBDTF+I4AJZesumJuNVA0gPsI88GaQuf3rqb8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRi9mRDMvcDhBN3RVcG90
|
||||
Q2Y5NGhTVmVOaW9VRTl0R25QQXJsb2FQOTFrCnNsL0M2OTQ1KzJKSXJaVlVrL01v
|
||||
R1RnOURGcDU3V2JldTdlRitQeDBIZE0KLS0tIHB2T3ZGQjZZRUlUL0FUSzhoZ1Ez
|
||||
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-24T17:26:56Z"
|
||||
mac: ENC[AES256_GCM,data:lj6GLwoKmDyZ7Gs7X4LOl531jHXn/yiollTFtKNTRfXKoayg40edWuyZR4eQBUWyjmznWeWSB7DT4L82S5DX6NNEqzBFMBlPFrz6DLDfWW/nMdmHW3l7tPxydm8BbmVi1kvp6W7JnHeA3dTaHyMaq5mwwPxhui64joN7964ABWA=,iv:TeESIqgS4ml7cYERq8+NItIjU+HLuxhXdzGMErcSrjg=,tag:fCIHhf77O6SjY9KjHVdrYw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
Loading…
Reference in New Issue
Block a user