From cc4a26f417e16b215f3819b25d9fc84a8f91966e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 16 Jul 2024 22:48:55 +0200 Subject: [PATCH 01/37] feat: adds extra config using agenix (5) --- modules/services/matrix/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index e717fc3..32d47f5 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -15,6 +15,8 @@ in { defaults.email = "ahwx@ahwx.org"; }; + age.secrets.matrix-synapse.file = ../../../secrets/matrix-synapse.age; + services = { # postgresql.enable = true; # postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' From 42cbf6ef8833782ae9f9167864ab84a3126a9c05 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 16 Jul 2024 22:51:07 +0200 Subject: [PATCH 02/37] feat: adds extra config using agenix (6) --- modules/services/matrix/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 32d47f5..a245075 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -118,8 +118,7 @@ in { server_name = "${fqdn}"; public_baseurl = "https://${fqdn}"; enable_registration = false; - registration_shared_secret = config.age.secrets.matrix-synapse; - #macaroon_secret_key = config.age.secrets.matrix-synapse; + extraConfig = config.age.secrets.matrix-synapse.file; listeners = [ { port = 8008; bind_addresses = [ "::1" ]; From 302ee11e53b5a5848c2b5615ff9015907c3c675d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 16 Jul 2024 23:12:42 +0200 Subject: [PATCH 03/37] chore: remove agenix because i cant get it to work --- flake.lock | 86 ++---------------------------------------------------- 1 file changed, 2 insertions(+), 84 deletions(-) diff --git a/flake.lock b/flake.lock index 48e23e4..e4f4876 100644 --- a/flake.lock +++ b/flake.lock 
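Review bot: In the PATCH 02 hunk, `extraConfig = config.age.secrets.matrix-synapse.file;` points synapse at the encrypted `.age` source rather than the decrypted secret, and `extraConfig` takes YAML text rather than a path, so the secret can never be read this way; the runtime path agenix provides is `config.age.secrets.matrix-synapse.path`, which fits `extraConfigFiles = [ config.age.secrets.matrix-synapse.path ];`. The `age.secrets.matrix-synapse.file = …` declaration in the PATCH 01 hunk on this same line also leaves the decrypted file at agenix's default owner (root, mode 0400), so the `matrix-synapse` service user could not open it even with the right path; add `age.secrets.matrix-synapse.owner = "matrix-synapse";` next to it. The removed `registration_shared_secret = config.age.secrets.matrix-synapse;` would have rendered the secret into the store-generated homeserver config, so keeping it in an extra config file outside the store is the right direction. The enclosing `services.matrix-synapse.settings` attribute set continues outside the hunk.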
@@ -1,28 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1720546205, - "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", - "owner": "ryantm", - "repo": "agenix", - "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "alejandra": { "inputs": { "fenix": "fenix", @@ -75,28 +52,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ @@ -154,27 +109,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -250,7 +184,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_2", + "systems": "systems", "xdph": "xdph" }, "locked": { @@ -555,11 +489,10 @@ }, "root": { "inputs": { - "agenix": "agenix", "alejandra": "alejandra", "catppuccin": "catppuccin", "catppuccin-bat": "catppuccin-bat", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", 
@@ -587,21 +520,6 @@ } }, "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", From 8b5787e109d8d3b6cc2e6387b2f265e8c972a804 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 16 Jul 2024 23:13:13 +0200 Subject: [PATCH 04/37] chore: remove agenix because i cant get it to work (2) --- flake.nix | 7 ++----- hosts/violet/default.nix | 3 +-- modules/services/matrix/default.nix | 6 ++---- 3 files changed, 5 insertions(+), 11 deletions(-) diff --git a/flake.nix b/flake.nix index da203c2..b927bfb 100644 --- a/flake.nix +++ b/flake.nix @@ -29,15 +29,12 @@ flake = false; }; - agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "nixpkgs"; - iceshrimp = { url = "git+https://iceshrimp.dev/iceshrimp/packaging"; }; }; - outputs = { nixpkgs, self, iceshrimp, agenix, catppuccin, ...} @ inputs: + outputs = { nixpkgs, self, iceshrimp, catppuccin, ...} @ inputs: let selfPkgs = import ./pkgs; username = "liv"; @@ -71,7 +68,7 @@ modules = [( import ./hosts/violet )]; - specialArgs = { host="violet"; inherit self inputs username agenix iceshrimp ; }; + specialArgs = { host="violet"; inherit self inputs username iceshrimp ; }; }; vm = nixpkgs.lib.nixosSystem { diff --git a/hosts/violet/default.nix b/hosts/violet/default.nix index 9369fcf..953a68c 100644 --- a/hosts/violet/default.nix +++ b/hosts/violet/default.nix 
@@ -1,11 +1,10 @@ -{ pkgs, config, iceshrimp, agenix, ... }: +{ pkgs, config, iceshrimp, ... }: { imports = [ ./hardware-configuration.nix ./../../modules/core ./../../modules/services/violet.nix iceshrimp.nixosModules.default - agenix.nixosModules.default ]; networking.hostName = "violet"; diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index a245075..4ae31ce 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, agenix, ... }: +{ pkgs, lib, config, ... }: let fqdn = "liv.town"; baseUrl = "https://${fqdn}"; @@ -15,8 +15,6 @@ in { defaults.email = "ahwx@ahwx.org"; }; - age.secrets.matrix-synapse.file = ../../../secrets/matrix-synapse.age; - services = { # postgresql.enable = true; # postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' @@ -118,7 +116,7 @@ in { server_name = "${fqdn}"; public_baseurl = "https://${fqdn}"; enable_registration = false; - extraConfig = config.age.secrets.matrix-synapse.file; + extraConfig = ./secrets.yaml; listeners = [ { port = 8008; bind_addresses = [ "::1" ]; From b82d532388207c1fcea3bc27cfa4fa2bcd5773df Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 16 Jul 2024 23:15:00 +0200 Subject: [PATCH 05/37] chore: adds secrets file so nix might see it? --- modules/services/matrix/secrets.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 modules/services/matrix/secrets.yaml diff --git a/modules/services/matrix/secrets.yaml b/modules/services/matrix/secrets.yaml new file mode 100644 index 0000000..0375b04 --- /dev/null +++ b/modules/services/matrix/secrets.yaml @@ -0,0 +1,5 @@ +registration_shared_secret: +macaroon_secret_key: +form_secret: + +report_stats: false From cf23013e4218e4a72bec3522f652ef769df0e316 Mon Sep 17 00:00:00 2001 
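Review bot: `extraConfig = ./secrets.yaml;` in the last PATCH 04 hunk hands a Nix path literal to an option that expects YAML text, and a path literal that gets interpolated into the configuration is copied into `/nix/store`, which is world-readable on the host, so whatever is later written into that file would be exposed to every local user; the same concern covers the `secrets.yaml` created in the PATCH 05 hunk that follows, which also sits inside the tracked repository. Keep secret material out of both the store and the checkout: reference a runtime location as a plain string, e.g. `extraConfigFiles = [ "/var/lib/matrix-synapse/secrets.yaml" ];`, with the file owned by `matrix-synapse` and mode 0400, and keep only a placeholder in the repo. Removing the `agenix` input and its `age.secrets` line in the other hunks of this patch is understandable, but the encrypted-secret approach it replaces was the one that avoided this copy into the store.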
From: Ahwx Date: Tue, 16 Jul 2024 23:29:18 +0200 Subject: [PATCH 06/37] fix: adds extra config file --- modules/services/matrix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 4ae31ce..758dcc1 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -116,7 +116,7 @@ in { server_name = "${fqdn}"; public_baseurl = "https://${fqdn}"; enable_registration = false; - extraConfig = ./secrets.yaml; + extraConfigFiles = [ "/home/liv/nixos-config/secrets/matrix-synapse.yaml" ]; listeners = [ { port = 8008; bind_addresses = [ "::1" ]; From c773beb592fba5718709abf7963d38e53e627348 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 00:53:11 +0200 Subject: [PATCH 07/37] feat: lets `iceshrimp` configure nginx --- modules/services/iceshrimp.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/services/iceshrimp.nix b/modules/services/iceshrimp.nix index 69dc2f7..8495dfb 100644 --- a/modules/services/iceshrimp.nix +++ b/modules/services/iceshrimp.nix @@ -5,8 +5,8 @@ postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + CREATE ROLE "iceshrimp" WITH LOGIN PASSWORD 'uph2reeloo3aeDae4muc'; + CREATE DATABASE "iceshrimp" WITH OWNER "iceshrimp" TEMPLATE template0 LC_COLLATE = "C" LC_CTYPE = "C"; @@ -16,6 +16,7 @@ iceshrimp = { enable = true; + configureNginx = true; settings = { url = "https://fedi.liv.town"; # The domain your Iceshrimp UI will be served on. settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail From 750a5f28abea50b3f594bca8d46a54cf9426d26d Mon Sep 17 00:00:00 2001 
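Review bot: `extraConfigFiles = [ "/home/liv/nixos-config/secrets/matrix-synapse.yaml" ];` in the PATCH 06 hunk points the service at a file inside a user's home directory and, judging by the path, inside the configuration checkout itself; the service runs as the `matrix-synapse` user, so it needs traversal rights through `/home/liv` (commonly mode 700), and a secrets file living inside the repo is one `git add` away from being committed. Using a string rather than a path literal is correct since it keeps the contents out of the store; move the file to a service-owned location such as `extraConfigFiles = [ "/var/lib/matrix-synapse/extra-config.yaml" ];` with mode 0400. The `services.matrix-synapse.settings` set continues outside the hunk.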
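Review bot: The rewritten `CREATE ROLE "iceshrimp" WITH LOGIN PASSWORD '…'` line in the first PATCH 07 hunk embeds a real database password in the repository and, because the script is produced with `pkgs.writeText`, in a world-readable `/nix/store` path; treat that value as compromised and keep the replacement out of both places. Since the service connects over the `/run/postgresql` socket (set in the second hunk of this patch), the role can be created without a password through `services.postgresql.ensureDatabases`/`ensureUsers` and authenticated by peer auth if the service's system user matches the role name, or the password can be supplied only through the module's `dbPasswordFile` option seen in later patches. `initialScript` also runs only when the cluster is first initialised, so editing it on an existing cluster does not create the role; PATCH 09's rename of the script has the same limitation.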
From: Ahwx Date: Wed, 17 Jul 2024 00:53:49 +0200 Subject: [PATCH 08/37] feat: lets `iceshrimp` configure nginx; issues with matrix (2/7/8) --- modules/services/iceshrimp.nix | 2 +- modules/services/matrix/default.nix | 3 ++- modules/services/matrix/secrets.yaml | 4 +--- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/services/iceshrimp.nix b/modules/services/iceshrimp.nix index 8495dfb..aa74297 100644 --- a/modules/services/iceshrimp.nix +++ b/modules/services/iceshrimp.nix @@ -16,8 +16,8 @@ iceshrimp = { enable = true; - configureNginx = true; settings = { + configureNginx = true; url = "https://fedi.liv.town"; # The domain your Iceshrimp UI will be served on. settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail }; diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 758dcc1..2f86f67 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -116,7 +116,8 @@ in { server_name = "${fqdn}"; public_baseurl = "https://${fqdn}"; enable_registration = false; - extraConfigFiles = [ "/home/liv/nixos-config/secrets/matrix-synapse.yaml" ]; + registration_shared_secret = ""; + # extraConfigFiles = [ "/home/liv/nixos-config/secrets/matrix-synapse.yaml" ]; listeners = [ { port = 8008; bind_addresses = [ "::1" ]; diff --git a/modules/services/matrix/secrets.yaml b/modules/services/matrix/secrets.yaml index 0375b04..357c281 100644 --- a/modules/services/matrix/secrets.yaml +++ b/modules/services/matrix/secrets.yaml @@ -1,5 +1,3 @@ -registration_shared_secret: -macaroon_secret_key: -form_secret: +registration_shared_secret: "" report_stats: false From c192c433c69d0be2b0ab383088c4e623526f3b15 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:00:41 +0200 Subject: [PATCH 09/37] fix: `synapse` -> `iceshrimp` --- modules/services/iceshrimp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
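Review bot: Moving `configureNginx = true;` under `settings` in the PATCH 08 iceshrimp hunk changes its meaning if, as PATCH 07 placed it, `configureNginx` is a module option: inside `settings` it presumably becomes a key in the generated Iceshrimp config file and no nginx vhost is created, which would leave the service unreachable or reachable only without TLS. The same doubt applies to `settings.db.host` already nested inside `settings` (giving `settings.settings.db.host`); check the module's option tree before relying on either. The `iceshrimp` set continues outside the hunk.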
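Review bot: `registration_shared_secret = "";` in the PATCH 08 matrix hunk sits in `settings`, which the module renders into a store-generated `homeserver.yaml`, so whatever value eventually replaces the empty string becomes world-readable; that is exactly what `extraConfigFiles`, now commented out on the next line, is meant to avoid. Remove the key from `settings` entirely and set it only in the extra config file; an empty shared secret appears to leave shared-secret registration disabled, but leaving the key here invites someone to fill it in. The secrets.yaml hunk of the same patch keeps an empty `registration_shared_secret: ""` in the repo, so make sure that file stays a template and the live copy lives outside the checkout.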
diff --git a/modules/services/iceshrimp.nix b/modules/services/iceshrimp.nix index aa74297..b0d64fa 100644 --- a/modules/services/iceshrimp.nix +++ b/modules/services/iceshrimp.nix @@ -4,7 +4,7 @@ services = { postgresql = { enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' + initialScript = pkgs.writeText "iceshrimp.sql" '' CREATE ROLE "iceshrimp" WITH LOGIN PASSWORD 'uph2reeloo3aeDae4muc'; CREATE DATABASE "iceshrimp" WITH OWNER "iceshrimp" TEMPLATE template0 From 4bba7bbf2a49e739a6e6afb0d449806e7ab99875 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:15:15 +0200 Subject: [PATCH 10/37] feat?: try with internal db --- modules/services/iceshrimp.nix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/modules/services/iceshrimp.nix b/modules/services/iceshrimp.nix index b0d64fa..2e40867 100644 --- a/modules/services/iceshrimp.nix +++ b/modules/services/iceshrimp.nix 
@@ -2,26 +2,27 @@ { services = { - postgresql = { - enable = true; - initialScript = pkgs.writeText "iceshrimp.sql" '' - CREATE ROLE "iceshrimp" WITH LOGIN PASSWORD 'uph2reeloo3aeDae4muc'; - CREATE DATABASE "iceshrimp" WITH OWNER "iceshrimp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; + # postgresql = { + # enable = true; + # initialScript = pkgs.writeText "iceshrimp.sql" '' + # CREATE ROLE "iceshrimp" WITH LOGIN PASSWORD 'uph2reeloo3aeDae4muc'; + # CREATE DATABASE "iceshrimp" WITH OWNER "iceshrimp" + # TEMPLATE template0 + # LC_COLLATE = "C" + # LC_CTYPE = "C"; + # ''; + # }; iceshrimp = { enable = true; settings = { configureNginx = true; + createDb = true; url = "https://fedi.liv.town"; # The domain your Iceshrimp UI will be served on. - settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail + # settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail }; - dbPasswordFile = /var/iceshrimp/dbPasswordFile; + # dbPasswordFile = /var/iceshrimp/dbPasswordFile; secretConfig = /var/iceshrimp/secretConfig.yml; }; }; From 874557c350de7f5d385ddd72e7e4167c1ecb065b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:33:59 +0200 Subject: [PATCH 11/37] feat: install nextcloud --- modules/services/nextcloud.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 modules/services/nextcloud.nix diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix new file mode 100644 index 0000000..2f04d35 --- /dev/null +++ b/modules/services/nextcloud.nix @@ -0,0 +1,21 @@ +{ config, ... }: +{ + services.nextcloud = { + enable = true; + hostName = "cloud.liv.town"; + https = true; + + virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + }; + }; + + + security.acme = { + acceptTerms = true; + certs = { + ${config.services.nextcloud.hostName}.email = "ahwx@ahwx.org"; + }; + }; +} 
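Review bot: `dbPasswordFile = /var/iceshrimp/dbPasswordFile;` (commented out here, re-enabled unchanged in PATCH 14) and `secretConfig = /var/iceshrimp/secretConfig.yml;` are unquoted Nix path literals; if the module interpolates them into a string or derivation, Nix copies the referenced file into the world-readable store at evaluation time, which defeats the point of a password file. Pass runtime secret locations as strings, `dbPasswordFile = "/var/iceshrimp/dbPasswordFile";` and `secretConfig = "/var/iceshrimp/secretConfig.yml";`, so only the path name reaches the store. `createDb = true;` under `settings` follows the earlier `configureNginx` placement; confirm the module expects these under `settings` rather than at the top level.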
From 0f9ae6c765a96476ba9a6d26a8df4195bbedf789 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:34:12 +0200 Subject: [PATCH 12/37] feat: adds nextcloud to `violet` --- modules/services/violet.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 21b656a..2c30996 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -1,6 +1,7 @@ { ...}: { imports = [(import ./iceshrimp.nix)] + ++ [(import ./nextcloud.nix)] ++ [(import ./matrix/default.nix)]; # ++ [(import ./tmux.nix)]; } From f52da0714cac9582a1a9263d05b4f14ddfba7079 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:39:33 +0200 Subject: [PATCH 13/37] feat: adds some options for nextcloud --- modules/services/nextcloud.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 2f04d35..f5e56de 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -4,11 +4,28 @@ enable = true; hostName = "cloud.liv.town"; https = true; + configureRedis = true; + maxUploadSize = "10G"; virtualHosts.${config.services.nextcloud.hostName} = { forceSSL = true; enableACME = true; }; + + extraOptions.enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + "OC\\Preview\\HEIC" + ]; + }; From 02ced8c359a36e6414eefc8027719bdcd3830692 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:41:11 +0200 Subject: [PATCH 14/37] revert: revert revert that shouldntve been reverted --- modules/services/iceshrimp.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/iceshrimp.nix b/modules/services/iceshrimp.nix index 2e40867..9777f7d 100644 --- a/modules/services/iceshrimp.nix 
+++ b/modules/services/iceshrimp.nix @@ -22,7 +22,7 @@ url = "https://fedi.liv.town"; # The domain your Iceshrimp UI will be served on. # settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail }; - # dbPasswordFile = /var/iceshrimp/dbPasswordFile; + dbPasswordFile = /var/iceshrimp/dbPasswordFile; secretConfig = /var/iceshrimp/secretConfig.yml; }; }; From b971ff8fdcc66df97f8d99b3180dd7cf942cc10e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:47:24 +0200 Subject: [PATCH 15/37] fix: nextcloud? --- modules/services/nextcloud.nix | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index f5e56de..0889a02 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -1,15 +1,19 @@ { config, ... }: { - services.nextcloud = { - enable = true; - hostName = "cloud.liv.town"; - https = true; - configureRedis = true; - maxUploadSize = "10G"; - virtualHosts.${config.services.nextcloud.hostName} = { - forceSSL = true; - enableACME = true; + + services.nextcloud = { + enable = true; + home = "/home/liv/nextcloud"; + https = true; + configureRedis = true; # caching + maxUploadSize = "10G"; + hostname = "cloud.liv.town"; + + settings = { + trusted_domains = [ + "cloud.liv.town" + ]; }; extraOptions.enabledPreviewProviders = [ @@ -25,10 +29,8 @@ "OC\\Preview\\XBitmap" "OC\\Preview\\HEIC" ]; - }; - - + security.acme = { acceptTerms = true; certs = { From 5f2626ac1e937309e19537c127103983aa24a5b5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 01:48:19 +0200 Subject: [PATCH 16/37] fix: nextcloud? (2) --- modules/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 0889a02..ce82937 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix 
@@ -8,7 +8,7 @@ https = true; configureRedis = true; # caching maxUploadSize = "10G"; - hostname = "cloud.liv.town"; + hostName = "cloud.liv.town"; settings = { trusted_domains = [ From 2093da9d90a5cd68b9ed5741a8ea33ed44e1b198 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 03:01:18 +0200 Subject: [PATCH 17/37] fix: nextcloud! --- modules/services/nextcloud.nix | 63 ++++++++++++++++++++++------------ 1 file changed, 41 insertions(+), 22 deletions(-) diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index ce82937..49bd5a9 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix 
@@ -1,40 +1,59 @@ { config, ... }: { - + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults = { + email = "ahwx@ahwx.org"; + }; + }; services.nextcloud = { enable = true; - home = "/home/liv/nextcloud"; + home = "/var/nextcloud/home"; https = true; - configureRedis = true; # caching + configureRedis = false; # caching maxUploadSize = "10G"; hostName = "cloud.liv.town"; + config = { + adminuser = "liv"; + adminpassFile = "/var/nextcloud/AdminPass"; + }; + settings = { trusted_domains = [ "cloud.liv.town" ]; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + "OC\\Preview\\HEIC" + ]; }; - - extraOptions.enabledPreviewProviders = [ - "OC\\Preview\\BMP" - "OC\\Preview\\GIF" - "OC\\Preview\\JPEG" - "OC\\Preview\\Krita" - "OC\\Preview\\MarkDown" - "OC\\Preview\\MP3" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\PNG" - "OC\\Preview\\TXT" - "OC\\Preview\\XBitmap" - "OC\\Preview\\HEIC" - ]; }; - security.acme = { - acceptTerms = true; - certs = { - ${config.services.nextcloud.hostName}.email = "ahwx@ahwx.org"; - }; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts.${config.services.nextcloud.hostName} = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyPass = "http://localhost:8080"; + proxyWebsockets = true; + }; + }; }; } From a77137731d07e6e08cb1e7e8cb8ba3cc922a4404 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 03:19:53 +0200 Subject: [PATCH 18/37] feat: adds liv.town --- modules/services/liv-town.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 modules/services/liv-town.nix 
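Review bot: The added `services.nginx.virtualHosts.${config.services.nextcloud.hostName}` block with `locations."/".proxyPass = "http://localhost:8080"` targets the same virtual host that the NixOS nextcloud module already populates with its PHP-FPM locations, so the two definitions merge and the `"/"` proxy most likely shadows the module's own handling of `/`; nothing on the page shows a listener on 8080. If the goal is only TLS on the module-managed vhost, `virtualHosts.${config.services.nextcloud.hostName} = { enableACME = true; forceSSL = true; };` is enough, and `forceSSL` rather than `addSSL` stops the login form from being served over plain HTTP. `adminpassFile = "/var/nextcloud/AdminPass";` as a string is the right shape for a runtime secret; make sure that file is owned by the nextcloud user with mode 0400.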
diff --git a/modules/services/liv-town.nix b/modules/services/liv-town.nix new file mode 100644 index 0000000..d309fd1 --- /dev/null +++ b/modules/services/liv-town.nix @@ -0,0 +1,22 @@ +{ ... }: +{ + virtualisation.docker = { + enable = true; + autoPrune.enable = true; + # enableNvidia = true; + }; + + user.users.liv = { + extraGroups = [ "docker" ]; + }; + + virtualisation.oci-containers = { + backend = "docker"; + containers."livdottown" = { + image = "ghcr.io/ahwxorg/liv.town:latest"; + ports = [ + "4321:4321/tcp" + ]; + }; + }; +} From 7af36d0e25575a72ca33b48d8d20583d8e6cbb4f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 03:20:00 +0200 Subject: [PATCH 19/37] feat: adds liv.town to nginx --- modules/services/matrix/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 2f86f67..e7d554c 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -10,6 +10,11 @@ let return 200 '${builtins.toJSON data}'; ''; in { + + imports = [ + ../liv-town.nix # If using Matrix, also require website, TODO: should probably be the other way around. + ]; + security.acme = { acceptTerms = true; defaults.email = "ahwx@ahwx.org"; @@ -81,9 +86,7 @@ in { # It's also possible to do a redirect here or something else, this vhost is not # needed for Matrix. It's recommended though to *not put* element # here, see also the section about Element. - locations."/".extraConfig = '' - return 404; - ''; + locations."/".proxyPass = "http://[::1]:4321"; # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash # *must not* be used here. locations."/_matrix".proxyPass = "http://[::1]:8008"; From c0269a87b9217798f4a794684f9a81d441f4d0b5 Mon Sep 17 00:00:00 2001 
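Review bot: `image = "ghcr.io/ahwxorg/liv.town:latest";` in the new liv-town.nix pins nothing: each pull may fetch a different image, so what is running cannot be reproduced or audited; pin an immutable digest, `image = "ghcr.io/ahwxorg/liv.town@sha256:<digest-placeholder>";`, and bump it deliberately. `extraGroups = [ "docker" ];` on `liv` (under the mistyped `user.users`, corrected in PATCH 20) is root-equivalent, because anyone with the docker socket can start a privileged container; keep it only if that account is meant to administer the host. `ports = [ "4321:4321/tcp" ]` publishes the port on all interfaces, and Docker's own iptables rules sit in front of the NixOS firewall; the mapping is revisited in PATCH 22, where the bind address is the thing to fix.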
From: Ahwx Date: Wed, 17 Jul 2024 11:39:42 +0200 Subject: [PATCH 20/37] fix: `user` -> `users` --- modules/services/liv-town.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/liv-town.nix b/modules/services/liv-town.nix index d309fd1..c519e84 100644 --- a/modules/services/liv-town.nix +++ b/modules/services/liv-town.nix @@ -6,7 +6,7 @@ # enableNvidia = true; }; - user.users.liv = { + users.users.liv = { extraGroups = [ "docker" ]; }; From 9123eed1f987d5b33920db66771ea74530b745cd Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 11:40:03 +0200 Subject: [PATCH 21/37] chore: iceshrimp is broken at the moment --- modules/services/iceshrimp.nix | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/modules/services/iceshrimp.nix b/modules/services/iceshrimp.nix index 9777f7d..dfe32f6 100644 --- a/modules/services/iceshrimp.nix +++ b/modules/services/iceshrimp.nix @@ -14,16 +14,17 @@ # }; - iceshrimp = { - enable = true; - settings = { - configureNginx = true; - createDb = true; - url = "https://fedi.liv.town"; # The domain your Iceshrimp UI will be served on. - # settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail - }; - dbPasswordFile = /var/iceshrimp/dbPasswordFile; - secretConfig = /var/iceshrimp/secretConfig.yml; - }; + # > "@liv the nix package is sadly broken at the moment" + # iceshrimp = { + # enable = true; + # settings = { + # configureNginx = true; + # createDb = true; + # url = "https://fedi.liv.town"; # The domain your Iceshrimp UI will be served on. + # # settings.db.host = "/run/postgresql"; # omitting this setting causes some configurations to fail + # }; + # dbPasswordFile = /var/iceshrimp/dbPasswordFile; + # secretConfig = /var/iceshrimp/secretConfig.yml; + # }; }; } From 96c87068c57b3bc460cd8d4a410219844f2baa79 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Wed, 17 Jul 2024 11:48:05 +0200 Subject: [PATCH 22/37] fix: use correct port --- modules/services/liv-town.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/liv-town.nix b/modules/services/liv-town.nix index c519e84..90a76f5 100644 --- a/modules/services/liv-town.nix +++ b/modules/services/liv-town.nix @@ -15,7 +15,7 @@ containers."livdottown" = { image = "ghcr.io/ahwxorg/liv.town:latest"; ports = [ - "4321:4321/tcp" + "0.0.0.0:4321:8080" ]; }; }; From 720e3ae4bf7ae72889c29cc9c8db5d5315413d4f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 11:48:31 +0200 Subject: [PATCH 23/37] fix: use ipv4 localhost instead of ipv6 --- modules/services/matrix/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index e7d554c..9e04e27 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -86,7 +86,7 @@ in { # It's also possible to do a redirect here or something else, this vhost is not # needed for Matrix. It's recommended though to *not put* element # here, see also the section about Element. - locations."/".proxyPass = "http://[::1]:4321"; + locations."/".proxyPass = "http://127.0.0.1:4321"; # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash # *must not* be used here. locations."/_matrix".proxyPass = "http://[::1]:8008"; From f3a84a5ce4b15041022f950f8ec60d822e8242ce Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 13:07:01 +0200 Subject: [PATCH 24/37] feat: enable csp for liv.town --- modules/services/matrix/default.nix | 46 +++++++++++++++-------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 9e04e27..563f3ad 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix 
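Review bot: `"0.0.0.0:4321:8080"` in the PATCH 22 hunk publishes the container port on every IPv4 address of the host, and Docker inserts its own iptables rules ahead of the NixOS firewall, so the site becomes reachable on port 4321 directly, bypassing the nginx vhost and the security headers it adds. Since nginx proxies to `127.0.0.1:4321` (PATCH 23, same line of the series), bind the mapping to loopback: `"127.0.0.1:4321:8080"`. The rest of the `livdottown` container definition is outside the hunk.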
@@ -34,7 +34,7 @@ in { enable = true; recommendedTlsSettings = true; recommendedOptimisation = true; - recommendedGzipSettings = true; + recommendedGzipSettings = false; recommendedProxySettings = true; # Hardened TLS and HSTS preloading @@ -47,7 +47,7 @@ in { add_header Strict-Transport-Security $hsts_header; # Enable CSP for your services. - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; # Minimize information leaked to other domains add_header 'Referrer-Policy' 'origin-when-cross-origin'; 
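Review bot: Uncommenting `add_header Content-Security-Policy … always;` in the second PATCH 24 hunk sets the policy at `http` level, and nginx discards every inherited `add_header` (this one, HSTS, X-Frame-Options) in any `server` or `location` block that declares even one `add_header` of its own, so a single per-vhost header added later silently removes the whole set; keep that in mind, or repeat the block in each vhost's `extraConfig`. `script-src 'self'` now also governs the proxied liv.town site and the `/_synapse/client` pages, which will break any inline script there. `recommendedGzipSettings = false;` in the first hunk carries no explanation; if it is meant to avoid compression side-channels on TLS responses, say so on the line, `recommendedGzipSettings = false; # no gzip over TLS: avoids compression side-channels (BREACH)`.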
@@ -73,26 +73,28 @@ in { "${fqdn}" = { enableACME = true; forceSSL = true; - # This section is not needed if the server_name of matrix-synapse is equal to - # the domain (i.e. example.org from @foo:example.org) and the federation port - # is 8448. - # Further reference can be found in the docs about delegation under - # https://element-hq.github.io/synapse/latest/delegate.html - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - # This is usually needed for homeserver discovery (from e.g. other Matrix clients). - # Further reference can be found in the upstream docs at - # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - # It's also possible to do a redirect here or something else, this vhost is not - # needed for Matrix. It's recommended though to *not put* element - # here, see also the section about Element. - locations."/".proxyPass = "http://127.0.0.1:4321"; - # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash - # *must not* be used here. - locations."/_matrix".proxyPass = "http://[::1]:8008"; - # Forward requests for e.g. SSO and password-resets. - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; - locations."wp-login.php".return = "301 https://hil-speed.hetzner.com/10GB.bin"; + locations = { + # This section is not needed if the server_name of matrix-synapse is equal to + # the domain (i.e. example.org from @foo:example.org) and the federation port + # is 8448. + # Further reference can be found in the docs about delegation under + # https://element-hq.github.io/synapse/latest/delegate.html + "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + # This is usually needed for homeserver discovery (from e.g. other Matrix clients). 
+ # Further reference can be found in the upstream docs at + # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient + "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + # It's also possible to do a redirect here or something else, this vhost is not + # needed for Matrix. It's recommended though to *not put* element + # here, see also the section about Element. + "/".proxyPass = "http://127.0.0.1:4321"; + # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash + # *must not* be used here. + "/_matrix".proxyPass = "http://[::1]:8008"; + # Forward requests for e.g. SSO and password-resets. + "/_synapse/client".proxyPass = "http://[::1]:8008"; + "wp-login.php".return = "301 https://hil-speed.hetzner.com/10GB.bin"; + }; }; }; }; From d6bbb334198ed1f7374f4bc1303f85bf44738e34 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 13:07:13 +0200 Subject: [PATCH 25/37] chore: disable nextcloud for now :p --- modules/services/violet.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 2c30996..21b656a 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -1,7 +1,6 @@ { ...}: { imports = [(import ./iceshrimp.nix)] - ++ [(import ./nextcloud.nix)] ++ [(import ./matrix/default.nix)]; # ++ [(import ./tmux.nix)]; } From 4273a42d9cfffee50837d1c81f204b9642575aaa Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 15:16:21 +0200 Subject: [PATCH 26/37] feat: adds invidious --- modules/services/invidious.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 modules/services/invidious.nix diff --git a/modules/services/invidious.nix b/modules/services/invidious.nix new file mode 100644 index 0000000..5323b74 --- /dev/null +++ b/modules/services/invidious.nix 
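Review bot: `"wp-login.php".return = "301 https://hil-speed.hetzner.com/10GB.bin";` is a prefix location with no leading `/`, so it never matches a request URI (those always begin with `/`) and the rule is dead; and even written correctly, redirecting scanners to a third party's 10 GB download pushes their traffic onto someone else's server. Close the connection locally instead: `"= /wp-login.php".return = "444";`. The rest of this hunk only re-nests the existing `locations` into one attribute set; the enclosing `services.nginx.virtualHosts` set starts outside the hunk.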
@@ -0,0 +1,21 @@ +{ config, ... }: +{ + services.invidious = { + enable = true; + port = 8001; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + clientMaxBodySize = "40M"; + virtualHosts = { + "video.liv.town" = { + forceSSL = true; + enableACME = true; + proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}"; + }; + }; + }; +} From d13dfa042b1267d26b86733be2aada1df1d461e5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 15:17:26 +0200 Subject: [PATCH 27/37] fix: nextcloud headers etc? --- modules/services/nextcloud.nix | 40 +++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 49bd5a9..64089db 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix 
@@ -47,12 +47,40 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts.${config.services.nextcloud.hostName} = { - enableACME = true; - addSSL = true; - locations."/" = { - proxyPass = "http://localhost:8080"; - proxyWebsockets = true; + + # Hardened TLS and HSTS preloading + appendHttpConfig = '' + # Add HSTS header with preloading to HTTPS requests. + # Do not add HSTS header to HTTP requests. + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + + # Enable CSP for your services. + #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + + # Minimize information leaked to other domains + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + + # Disable embedding as a frame + add_header X-Frame-Options DENY; + + # Prevent injection of code in other mime types (XSS Attacks) + add_header X-Content-Type-Options nosniff; + + # This might create errors + # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + + virtualHosts = { + "${config.services.nextcloud.hostName}" = { + enableACME = true; + forceSSL = true; + locations = { + "/".proxyPass = "http://localhost:8080"; + "/".proxyWebsockets = true; + }; }; }; }; From c0a95a671ecfe8c6581ddb7c73fea8fd755411e7 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 15:19:19 +0200 Subject: [PATCH 28/37] fix: some nginx headers etc? (100% @ internet.nl) --- modules/services/matrix/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 563f3ad..f8a83fd 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix 
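Review bot: The header block added under `appendHttpConfig` in the PATCH 27 hunk is a copy of the one in `modules/services/matrix/default.nix`, and `services.nginx.appendHttpConfig` is merged by concatenation, so once both modules are imported the `map $scheme $hsts_header` and every `add_header` are emitted twice; nextcloud.nix is not imported by violet.nix at this point (PATCH 25), which is why nothing fails yet. Move the shared header block into one nginx module that both import, otherwise the copies drift — this one still carries the commented-out CSP while PATCH 28 rewrites the policy in the matrix module. `"/".proxyPass = "http://localhost:8080"` with `"/".proxyWebsockets = true` still overrides the `/` location the nextcloud module generates for the same vhost, as noted for PATCH 17. The `services.nginx` set starts outside the hunk.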
@@ -47,10 +47,7 @@ in { add_header Strict-Transport-Security $hsts_header; # Enable CSP for your services. - add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - - # Minimize information leaked to other domains - add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self';" always; # Disable embedding as a frame add_header X-Frame-Options DENY; From babd0db5f632e90ef54bf75f1c72d27fb8e9b16f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 15:21:16 +0200 Subject: [PATCH 29/37] feat: adds invidious to `violet` --- modules/services/violet.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 21b656a..6cae0da 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -1,6 +1,7 @@ { ...}: { imports = [(import ./iceshrimp.nix)] + ++ [(import ./invidious.nix)] ++ [(import ./matrix/default.nix)]; # ++ [(import ./tmux.nix)]; } From 16898acabd693d13cf2c8043711cd3155e888f52 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 15:27:53 +0200 Subject: [PATCH 30/37] fix: `virtualHosts..proxyPass` -> `virtualHosts..locations."/".proxyPass....` --- modules/services/invidious.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/invidious.nix b/modules/services/invidious.nix index 5323b74..9c51edd 100644 --- a/modules/services/invidious.nix +++ b/modules/services/invidious.nix @@ -14,7 +14,7 @@ "video.liv.town" = { forceSSL = true; enableACME = true; - proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}"; + locations."/".proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}"; }; }; }; From 6a948c578d668c6877b3f98ac4540c90b8e85b3c Mon Sep 17 00:00:00 2001 
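Review bot: The new CSP's `frame-ancestors 'self'` contradicts the `add_header X-Frame-Options DENY;` kept two lines below: browsers that implement CSP Level 2 honour `frame-ancestors` and ignore X-Frame-Options when both are present, so the effective framing policy becomes same-origin rather than deny. Either change the directive to `frame-ancestors 'none'` to match DENY, or drop the X-Frame-Options line if same-origin framing is intended. Because this header is emitted from `appendHttpConfig`, `default-src 'self'` also governs every other response this nginx serves (the site proxied at `/` and the `.well-known` endpoints in this file's vhost, as the later full listing shows), which may need their own policy; the enclosing `appendHttpConfig` string starts outside the hunk.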
From: Ahwx Date: Wed, 17 Jul 2024 15:39:34 +0200 Subject: [PATCH 31/37] feat: adds mumble server; `murmur` --- modules/services/mumble.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 modules/services/mumble.nix diff --git a/modules/services/mumble.nix b/modules/services/mumble.nix new file mode 100644 index 0000000..14c9487 --- /dev/null +++ b/modules/services/mumble.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + services.murmur = { + enable = true; + openFirewall = true; + }; +} From 25835f76fd07650ef2cfc2df74d584afc0b9d195 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 17 Jul 2024 15:39:42 +0200 Subject: [PATCH 32/37] feat: adds mumble server to violet --- modules/services/violet.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 6cae0da..8af50fe 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -2,6 +2,7 @@ imports = [(import ./iceshrimp.nix)] ++ [(import ./invidious.nix)] + ++ [(import ./mumble.nix)] ++ [(import ./matrix/default.nix)]; # ++ [(import ./tmux.nix)]; } From 21e8d50714f432cafd424a94521788b7dcfc61dc Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 18 Jul 2024 19:37:24 +0200 Subject: [PATCH 33/37] feat: adds basic `mautrix-whatsapp` configuration --- modules/services/matrix/default.nix | 32 +++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index f8a83fd..482ee19 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix 
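Review bot: `openFirewall = true` exposes murmur's listening port to the network while the server password is left at the module default (empty), so anyone who can reach the host can join the voice server. Set `services.murmur.password`, and to keep the value out of the world-readable Nix store supply it through the module's `environmentFile` option with a `$VARIABLE` placeholder (available in recent nixpkgs; confirm against your pinned revision) rather than a literal. If the server is meant to be public, a one-line comment stating that, e.g. `# intentionally open: no join password`, would settle the question for the next reader.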
@@ -134,5 +134,37 @@ in { ]; }; }; + + mautrix-whatsapp = { + enable = true; + settings = { + appservice = { + database = { + type = "postgres"; + uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql"; + }; + ephemeral_events = false; + id = "whatsapp"; + }; + bridge = { + encryption = { + allow = true; + default = true; + require = true; + }; + history_sync = { + request_full_sync = true; + }; + mute_bridging = true; + permissions = { + "example.com" = "user"; + }; + private_chat_portal_meta = true; + provisioning = { + shared_secret = "disable"; + }; + }; + }; + }; }; } From f651fac25e3973c54c3aa9874f42d3975dc4b365 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 18 Jul 2024 20:02:46 +0200 Subject: [PATCH 34/37] feat: adds gitleaks --- modules/home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 9cf040b..62c4a3b 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -17,6 +17,7 @@ gimp darktable lazygit + gitleaks # TODO: adds pre-commit hook libreoffice xfce.thunar prismlauncher From 878db814ae83ab932c5874caab7be5293867bfc5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 28 Jul 2024 13:51:37 +0200 Subject: [PATCH 35/37] feat: adds matrix to ignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 9dc7bc1..f5c773e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ secrets/ -modules/services/matrix/secrets.yaml +modules/services/matrix/default.nix From f537c0a98e29a308488b6e94e2b51af1cf40bf35 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 28 Jul 2024 13:52:18 +0200 Subject: [PATCH 36/37] chore: remove matrix --- modules/services/matrix/default.nix | 170 ---------------------------- 1 file changed, 170 deletions(-) delete mode 100644 modules/services/matrix/default.nix diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix deleted file mode 100644 index 482ee19..0000000 
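Review bot: `permissions = { "example.com" = "user"; }` is the upstream sample value: it grants bridge access to every user of the example.com homeserver and to nobody on the homeserver this module configures (`fqdn` is bound to `liv.town` in this file's `let`, visible in the later deletion patch), and without an `admin` entry the bridge's administrative commands are unusable. Replace it with the real domain and an operator account, e.g. `"${fqdn}" = "user";` and `"@<OPERATOR_LOCALPART>:${fqdn}" = "admin";` (placeholder localpart). `history_sync.request_full_sync = true` imports complete WhatsApp chat history into the homeserver database, which is a data-retention decision worth recording, e.g. `# request_full_sync: imports entire WhatsApp history into Synapse; set false if retention is a concern`.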
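Review bot: Adding `modules/services/matrix/default.nix` to `.gitignore` has no effect on a path that is already tracked, since git ignores only untracked files, so the file remains versioned until the following deletion commit and its contents (including `password = "synapse"` for the synapse Postgres role, visible in that deletion) stay in every earlier revision. Treat that credential as exposed and rotate it rather than relying on the ignore entry; removing it from history would additionally need a history rewrite. The replaced pattern `modules/services/matrix/secrets.yaml` is no longer ignored after this change, so a future file of that name would be committed; keeping both lines avoids that.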
--- a/modules/services/matrix/default.nix
+++ /dev/null
@@ -1,170 +0,0 @@ -{ pkgs, lib, config, ... }: -let - fqdn = "liv.town"; - baseUrl = "https://${fqdn}"; - clientConfig."m.homeserver".base_url = baseUrl; - serverConfig."m.server" = "${fqdn}:443"; - mkWellKnown = data: '' - default_type application/json; - # add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - - imports = [ - ../liv-town.nix # If using Matrix, also require website, TODO: should probably be the other way around. - ]; - - security.acme = { - acceptTerms = true; - defaults.email = "ahwx@ahwx.org"; - }; - - services = { - # postgresql.enable = true; - # postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' - # CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - # CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - # TEMPLATE template0 - # LC_COLLATE = "C" - # LC_CTYPE = "C"; - # ''; - - nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = false; - recommendedProxySettings = true; - - # Hardened TLS and HSTS preloading - appendHttpConfig = '' - # Add HSTS header with preloading to HTTPS requests. - # Do not add HSTS header to HTTP requests. - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - - # Enable CSP for your services. 
- add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'self';" always; - - # Disable embedding as a frame - add_header X-Frame-Options DENY; - - # Prevent injection of code in other mime types (XSS Attacks) - add_header X-Content-Type-Options nosniff; - - # This might create errors - # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; - ''; - - virtualHosts = { - # If the A and AAAA DNS records on example.org do not point on the same host as the - # records for myhostname.example.org, you can easily move the /.well-known - # virtualHost section of the code to the host that is serving example.org, while - # the rest stays on myhostname.example.org with no other changes required. - # This pattern also allows to seamlessly move the homeserver from - # myhostname.example.org to myotherhost.example.org by only changing the - # /.well-known redirection target. - "${fqdn}" = { - enableACME = true; - forceSSL = true; - locations = { - # This section is not needed if the server_name of matrix-synapse is equal to - # the domain (i.e. example.org from @foo:example.org) and the federation port - # is 8448. - # Further reference can be found in the docs about delegation under - # https://element-hq.github.io/synapse/latest/delegate.html - "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - # This is usually needed for homeserver discovery (from e.g. other Matrix clients). - # Further reference can be found in the upstream docs at - # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient - "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - # It's also possible to do a redirect here or something else, this vhost is not - # needed for Matrix. It's recommended though to *not put* element - # here, see also the section about Element. 
- "/".proxyPass = "http://127.0.0.1:4321"; - # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash - # *must not* be used here. - "/_matrix".proxyPass = "http://[::1]:8008"; - # Forward requests for e.g. SSO and password-resets. - "/_synapse/client".proxyPass = "http://[::1]:8008"; - "wp-login.php".return = "301 https://hil-speed.hetzner.com/10GB.bin"; - }; - }; - }; - }; - - postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - matrix-synapse = { - enable = true; - settings = { - database.name = "psycopg2"; - database.args = { - user = "matrix-synapse"; - password = "synapse"; - }; - server_name = "${fqdn}"; - public_baseurl = "https://${fqdn}"; - enable_registration = false; - registration_shared_secret = ""; - # extraConfigFiles = [ "/home/liv/nixos-config/secrets/matrix-synapse.yaml" ]; - listeners = [ - { port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ { - names = [ "client" "federation" ]; - compress = true; - } ]; - } - ]; - }; - }; - - mautrix-whatsapp = { - enable = true; - settings = { - appservice = { - database = { - type = "postgres"; - uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql"; - }; - ephemeral_events = false; - id = "whatsapp"; - }; - bridge = { - encryption = { - allow = true; - default = true; - require = true; - }; - history_sync = { - request_full_sync = true; - }; - mute_bridging = true; - permissions = { - "example.com" = "user"; - }; - private_chat_portal_meta = true; - provisioning = { - shared_secret = "disable"; - }; - }; - }; - }; - }; -} From 5ff8aefb8b5a421127788501eb5f2b79d9bec15f Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Fri, 2 Aug 2024 13:16:55 +0200 Subject: [PATCH 37/37] feat: remove iceshrimp (again) because it doesn't work (again) --- flake.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/flake.nix b/flake.nix index 7d1714a..b175984 100644 --- a/flake.nix +++ b/flake.nix @@ -30,10 +30,6 @@ url = "github:catppuccin/bat"; flake = false; }; - - iceshrimp = { - url = "git+https://iceshrimp.dev/iceshrimp/packaging"; - }; }; outputs = { nixpkgs, self, iceshrimp, catppuccin, ...} @ inputs:
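Review bot: The `iceshrimp` input is removed, but the context line `outputs = { nixpkgs, self, iceshrimp, catppuccin, ...} @ inputs:` still destructures `iceshrimp` without a default, so evaluating the flake fails with a missing-argument error until it is dropped there as well: `outputs = { nixpkgs, self, catppuccin, ...} @ inputs:`. Any other references to that input in the `outputs` body need the same sweep (the `./iceshrimp.nix` import seen in the violet.nix hunks of patches 29 and 32 is one candidate, if it still consumes the input); the `outputs` function body lies outside the hunk.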