chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Migrate matrix-synapse away from docker

Browse source
This commit is contained in:
Charlotte Van Petegem 2021-07-10 14:19:05 +02:00
parent 7051e2e1e3
commit 3af05052c8
No known key found for this signature in database
GPG key ID: 019E764B7184435A
10 changed files with 202 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
machines/lasting-integrity/default.nix
View file

@ -31,6 +31,7 @@
}; };
games.tetris.server = true; games.tetris.server = true;
services = { services = {
matrix.enable = true;
nextcloud.enable = true; nextcloud.enable = true;
syncthing.enable = true; syncthing.enable = true;
}; };

BIN
machines/lasting-integrity/secret.nix
View file

Binary file not shown.

1
modules/services/default.nix
View file

@ -6,6 +6,7 @@
./containers ./containers
./data-access ./data-access
./deluge ./deluge
./matrix
./nextcloud ./nextcloud
./nginx ./nginx
./syncthing ./syncthing

168
modules/services/matrix/default.nix Normal file
View file

@ -0,0 +1,168 @@
{ config, lib, pkgs, ... }:
{
options.chvp.services.matrix.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.services.matrix.enable {
chvp.services.nginx.hosts = [{
fqdn = "matrix.vanpetegem.me";
options.locations = {
"/" = {
proxyPass = "http://127.0.0.1:8448";
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
proxy_read_timeout 600;
client_max_body_size 10M;
'';
};
"/_slack" = {
proxyPass = "http://127.0.0.1:9898";
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
'';
};
};
}];
services = {
matrix-synapse = {
enable = true;
server_name = "vanpetegem.me";
public_baseurl = "https://vanpetegem.me";
listeners = [{
port = 8448;
bind_address = "localhost";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = ["client" "webclient"]; compress = true; }
{ names = ["federation"]; compress = false; }
];
}];
url_preview_enabled = true;
enable_metrics = false;
enable_registration = false;
report_stats = false;
allow_guest_access = false;
app_service_config_files = [
config.age.secrets."files/services/matrix-synapse/whatsapp-registration.yml".path
config.age.secrets."files/services/matrix-synapse/slack-registration.yml".path
];
extraConfigFiles = [
config.age.secrets."files/services/matrix-synapse/config.yml".path
];
dataDir = "${config.chvp.dataPrefix}/var/lib/matrix-synapse";
};
postgresql = {
enable = true;
dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
ensureDatabases = [
"matrix-synapse"
"matrix_appservice_slack"
"mautrix_whatsapp"
];
ensureUsers = [
{
name = "matrix_appservice_slack";
ensurePermissions = {
"DATABASE matrix_appservice_slack" = "ALL PRIVILEGES";
};
}
{
name = "mautrix_whatsapp";
ensurePermissions = {
"DATABASE mautrix_whatsapp" = "ALL PRIVILEGES";
};
}
{
name = "matrix-synapse";
ensurePermissions = {
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
};
}
];
};
};
systemd.services = {
matrix-appservice-slack = {
description = "Matrix <-> Slack bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.matrix-appservice-slack}/bin/matrix-appservice-slack --config ${config.age.secrets."files/services/matrix-appservice-slack/config.yml".path} --file ${config.age.secrets."files/services/matrix-appservice-slack/registration.yml".path}";
serviceConfig = {
User = "matrix_appservice_slack";
Group = "matrix_appservice_slack";
};
};
matrix-synapse = {
requires = [ "postgresql.service" ];
};
mautrix-whatsapp = {
description = "Matrix <-> WhatsApp bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp --config ${config.age.secrets."files/services/mautrix-whatsapp/config.yml".path}";
serviceConfig = {
User = "mautrix_whatsapp";
Group = "mautrix_whatsapp";
};
};
};
systemd.tmpfiles.rules = [
"d /var/log/mautrix-whatsapp - mautrix_whatsapp mautrix_whatsapp"
];
users = {
users = {
matrix_appservice_slack = {
group = "matrix_appservice_slack";
isSystemUser = true;
};
mautrix_whatsapp = {
group = "mautrix_whatsapp";
isSystemUser = true;
};
};
groups = {
matrix_appservice_slack = {};
mautrix_whatsapp = {};
};
};
age.secrets."files/services/matrix-appservice-slack/config.yml" = {
file = ../../../secrets/files/services/matrix-appservice-slack/config.yml.age;
owner = "matrix_appservice_slack";
};
age.secrets."files/services/matrix-appservice-slack/registration.yml" = {
file = ../../../secrets/files/services/matrix-appservice-slack/registration.yml.age;
owner = "matrix_appservice_slack";
};
age.secrets."files/services/mautrix-whatsapp/config.yml" = {
file = ../../../secrets/files/services/mautrix-whatsapp/config.yml.age;
owner = "mautrix_whatsapp";
};
age.secrets."files/services/mautrix-whatsapp/registration.yml" = {
file = ../../../secrets/files/services/mautrix-whatsapp/registration.yml.age;
owner = "mautrix_whatsapp";
};
age.secrets."files/services/matrix-synapse/config.yml" = {
file = ../../../secrets/files/services/matrix-synapse/config.yml.age;
owner = "matrix-synapse";
};
age.secrets."files/services/matrix-synapse/slack-registration.yml" = {
file = ../../../secrets/files/services/matrix-appservice-slack/registration.yml.age;
owner = "matrix-synapse";
};
age.secrets."files/services/matrix-synapse/whatsapp-registration.yml" = {
file = ../../../secrets/files/services/mautrix-whatsapp/registration.yml.age;
owner = "matrix-synapse";
};
};
}

6
secrets.nix
View file

@ -46,6 +46,12 @@ in
"secrets/passwords/services/data-basic-auth.age".publicKeys = [ urithiru ] ++ users; "secrets/passwords/services/data-basic-auth.age".publicKeys = [ urithiru ] ++ users;
"secrets/files/services/matrix-appservice-slack/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/files/services/matrix-appservice-slack/registration.yml.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/files/services/matrix-synapse/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/files/services/mautrix-whatsapp/config.yml.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/files/services/mautrix-whatsapp/registration.yml.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/data-access/ssh_host_rsa_key.age".publicKeys = [ urithiru ] ++ users; "secrets/data-access/ssh_host_rsa_key.age".publicKeys = [ urithiru ] ++ users;
"secrets/data-access/ssh_host_rsa_key.pub.age".publicKeys = [ urithiru ] ++ users; "secrets/data-access/ssh_host_rsa_key.pub.age".publicKeys = [ urithiru ] ++ users;
"secrets/data-access/ssh_host_ed25519_key.age".publicKeys = [ urithiru ] ++ users; "secrets/data-access/ssh_host_ed25519_key.age".publicKeys = [ urithiru ] ++ users;

BIN
secrets/files/services/matrix-appservice-slack/config.yml.age Normal file
View file

Binary file not shown.

BIN
secrets/files/services/matrix-appservice-slack/registration.yml.age Normal file
View file

Binary file not shown.

13
secrets/files/services/matrix-synapse/config.yml.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 hKAFvQ 8smxRyefvJCc5vKEGHaepQMT8bow/DNCoM+JLnCCtDc
Hf32K1yhV4oVnW/oCmAVeIM5cuGWE+Yn7gYI8EmVV/E
-> ssh-ed25519 s9rb8g rUwHvPZ6imYJGruQEp3CJqVt7QG/9je39cOyGAK6Kgc
asUG1z+XJgbK5WLFUo1RyUhjbBpfN+4bklzIgnjRCOY
-> ssh-ed25519 yad4VQ MY6hLbI5APbve6XZQmCSdYiKp2XeqQmE8IkIjq+I3DI
1ts+jW41Hi+OzMJZka8BhvfpcL3F1fMDoUtqAIEEHU8
-> M[#DV(x>-grease k!'J+ 8b48w@ IyA8fZS Mm!wBM
efJSJLAjOg
--- qH7jsRJxviBS797tKOHqZ+8Dw9TUW77Kxh+FzXe2wrU
ôʘi¤z`ç/lK¨Ì“ÍX
ÝÚB‰u$T5*!ø!Öp±p™ì<[¯94ì ôC¾Û' ð2¹JŸÚ¨ž¨ kdˆsGB&L5*†oŒîèY"¥ì˜_é%ûµýüT“£åÆfˆ ôQ<C3B4>L÷žù¸^@ƒáAÁË· [®2 )4l¶•ãö ^r&?ˆ¥dÛ.:žÏŠ!rš×(¾è•lNµÁ`5…s¡îõÿ› Aš0 ‡œ‰jÊØï1jMì6§AÅxÿ+ “kbð4”!n<…»í¸Ÿ®|<7C>pÓª¢::Õ9®R‡Vt%Oh3ÎÖó m僙PË 8«jt %Zˆ-<2D>PªÃúMAŒ,½ð@zó'ühû<68>Ÿ†ä²š`
j™® MyÃãÙXðóï{³÷"º ¿yóçñ'²<>éûšÕY5dÛ£,J®SÎó±ét×mŸSRã{<7B><ô[Ê“oË

BIN
secrets/files/services/mautrix-whatsapp/config.yml.age Normal file
View file

Binary file not shown.

13
secrets/files/services/mautrix-whatsapp/registration.yml.age Normal file
View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 hKAFvQ 86VloTluhamQNdKHRUAxq/vIOIofC3bZ9hWebD7k00A
2NwKLN+uxE7uk/C9qbP18wnnhxxgaZgO3lEBTyI4hRU
-> ssh-ed25519 s9rb8g iTwdPsRGqXYX8v7rE1AhYQ3WertuPXeMkIUZyWCYdyQ
nFtFK8dCYHEOvbGOxOoDFQihPgUJcHs7GEdcKDFdQuA
-> ssh-ed25519 yad4VQ 40+mwVfKKnI/7Hn6kUZ6b4FzUSsc94muTCsmnbwy6R8
bN5uXoRq6W69YEqYeHYOOOvhk8YOBeWG/mPC3LTTpOg
-> "~~w-grease \.L) j)?:q_F ]J_GYI`w
fmjAIxkdBwk+aehXvYQ3qORkUU835c89sGnKHhJlr0Fh+g962TjT8t6iJUDaG52m
BTfwzyNDyXlMoeyOcscjVrbSzHTBJ7OakmP4bAfhHAR4zimyfLOhhMl+
--- DroKHvz6niysIke4xiNwhuiP7OmU3GNd5acA9kcqkik
­?qAÕŒö(JЙQ<'Û;Q„ž…þ6Kuç€,Ëï³$‰iß«ÁÛü„H(Úª8&³‘ª-7-/,@õF¢ ÆpWJ‡PN ß=Ž¤éN^kEtÒ¥£³<C2A3>æ¥G óÔz¥XDâ*8®^y>Ë{|ùc£%'«·¸{hŒ'À@Ø¢q'ÅÊuØHé £pAÖ>éÜ4Ö½ÄgÍ"«Î‹½Øußd"@5ƒt¿,—ýèMHŸÐS<:<10>ck>®>ݨNPsªØ´kèFÖ<1E>
tC3Ü|ÛÔ8¢=Q vìù‡Bh;}Ê`;ü­~W ÆHÎob*àÑN²Ka¢î¸)ˆdÉ#i<>“õTKK®¿$^žúW~…¯¦¦¼ÄÇbÎöqG~ÅÊ„³)>-höž&ÂwH£•©$Þ<1C>*Î&c“ý<E2809C>Tñ^G<12>Tk—”z 1ÄsÓXçï-Ñ$¾Ì<C2BE>Bx?s¦æYÿù”nLã\dß-°í¡nyw+©ÏH·èFƒ©ú9ñÝ<C3B1>œp®žNÌËÀ_½ó¿Éw™Ù»<C399>ð