2
2
mirror of https://git.feal.no/felixalb/nixos-config.git synced 2024-12-22 12:07:29 +01:00

Compare commits

...

3 Commits

5 changed files with 28 additions and 19 deletions

View File

@ -82,7 +82,7 @@
users.users.felixalb = {
isNormalUser = true;
extraGroups = lib.mkDefault [
extraGroups = [
"wheel"
"docker"
];

View File

@ -12,6 +12,12 @@
group = "matrix-synapse";
};
sops.secrets."matrix/slidingsyncsecret" = {
restartUnits = [ "matrix-synapse.service" ];
owner = "matrix-synapse";
group = "matrix-synapse";
};
services.matrix-synapse-next = {
enable = true;
enableNginx = true;
@ -75,6 +81,8 @@
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
enableSlidingSync = true;
oidc_providers = [
{
idp_id = "keycloak";
@ -93,10 +101,12 @@
};
};
services.postgresqlBackup.databases = [ "matrix-synapse" ];
services.matrix-synapse.sliding-sync.environmentFile = config.sops.secrets."matrix/slidingsyncsecret".path;
services.redis.servers."".enable = true;
services.postgresqlBackup.databases = [ "matrix-synapse" ];
services.nginx.virtualHosts."matrix.feal.no" = {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }

View File

@ -12,8 +12,6 @@ in {
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts."git.feal.no".default = true;
defaultListen = [
{
addr = "192.168.10.175";
@ -56,15 +54,17 @@ in {
'';
} // overrides;
in {
"cloud.feal.no" = publicProxy "" {
locations."/" = {
proxyPass = "http://challenger.home.feal.no";
extraConfig = ''
client_max_body_size 8G;
'';
# "cloud.feal.no" = publicProxy "" {
# locations."/" = {
# proxyPass = "http://challenger.home.feal.no";
# extraConfig = ''
# client_max_body_size 8G;
# '';
# };
# };
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {
default = true;
};
};
"git.feal.no" = publicProxy "http://unix:${gitea.server.HTTP_ADDR}" {};
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/" { };
"iam.feal.no" = publicProxy "http://${keycloak.http-host}:${toString keycloak.http-port}" { };
"music.feal.no" = publicProxy "http://challenger.home.feal.no/" { };

View File

@ -33,7 +33,6 @@
users.users.felixalb = {
uid = 1328256;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ ];
};

View File

@ -2,6 +2,7 @@ matrix:
synapse:
registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
slidingsyncsecret: ENC[AES256_GCM,data:bMBTXsLhXCj0Divy2mXZQ3zv5WBLut47pOzEQ1elOD1uDaKZMX8wX/EjGrrfmPZvUfLrvqEn8zEda++VtwPBonmQQ0CZraZeEKGgStQrFw==,iv:EulqNNtkNUFxO/LQ1qtYL/IXWu71L5cuJ1pY6eK85vc=,tag:uVoi42sq4S34bErASGJOAA==,type:str]
domeneshop:
netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
hedgedoc:
@ -39,9 +40,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-08T00:14:52Z"
mac: ENC[AES256_GCM,data:sWrspq+LTJfKUqdE7HZTdqw9jCR3uDkDmv9pz4Sh698QsUqXX3qFsDqQfCs3OLCClUmIYkvQqWgE7QNglhZcz+HMNGLKihpHmGl8Go/ltQCj4s/KM4mt7PAYSUPKag/uO7HTA7JIs2cwzCVLIjttkDUzyFwsff52pqX71np2qFE=,iv:GHPcsjxDtNBb3zvku5+VOXepwpGMjqaFt4qaNGcGKV8=,tag:Xy1MAUJo9IA04w8+/ECyiQ==,type:str]
lastmodified: "2024-09-25T17:49:30Z"
mac: ENC[AES256_GCM,data:17W0WL9NkwEi/zofBffNtns4kxykfpOV05ukHDpkNjmlrRKxTJtlpRLdSb0JGaAxPm15f2fdjDmKl7gkDm09SRXMRwxyntix2ZjvMPx9pXgoMfiZfc6Cn3GwGco3Eajvpm8tS7DKaWfToC+XYvxjeHhyFhDbI7xMf7LcB2s+OOI=,iv:v5rAcMz5142AKKx7CQLTRBR3tGMWe1LSM0VHaDI5Nbk=,tag:GxoQjPE8ox45Udx/id+Y/g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1