added synapse, removed conduit

Schrottkatze 2023-02-19 02:04:30 +01:00
parent ed70f8610a
commit f25bb319ae
6 changed files with 80 additions and 181 deletions


@ -44,9 +44,7 @@
"conduit": {
"inputs": {
"d2n": "d2n",
"nixpkgs": [
"nixpkgs-stable"
],
"nixpkgs": "nixpkgs",
"parts": "parts",
"rust-overlay": "rust-overlay"
},
@ -133,7 +131,7 @@
"inputs": {
"flake-utils": "flake-utils_2",
"naersk": "naersk",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1662552013,
@ -350,7 +348,7 @@
"meowsite": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1676235149,
@ -369,7 +367,7 @@
"microbin-fork": {
"inputs": {
"naersk": "naersk_2",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"utils": "utils_2"
},
"locked": {
@ -388,7 +386,7 @@
},
"naersk": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1655042882,
@ -406,7 +404,7 @@
},
"naersk_2": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1671096816,
@ -425,7 +423,7 @@
},
"naersk_3": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1671096816,
@ -475,16 +473,18 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1656755932,
"narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=",
"owner": "NixOS",
"lastModified": 1676659111,
"narHash": "sha256-nj3GONWv33Zr/ahm6ATep2qhtuu1mH5e4I4fuKdSVzU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152",
"rev": "958dbd6c08c7e276451704409ebc7cb0d8bc94c7",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
@ -553,6 +553,20 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1656755932,
"narHash": "sha256-TGThfOxr+HjFK464+UoUE6rClp2cwxjiKvHcBVdIGSQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "660ac43ff9ab1f12e28bfb31d4719795777fe152",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1674407282,
"narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=",
@ -568,7 +582,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1676549890,
"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
@ -582,7 +596,7 @@
"type": "indirect"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1676549890,
"narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
@ -598,7 +612,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1676659111,
"narHash": "sha256-nj3GONWv33Zr/ahm6ATep2qhtuu1mH5e4I4fuKdSVzU=",
@ -614,7 +628,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1675614288,
"narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
@ -628,7 +642,7 @@
"type": "indirect"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1675614288,
"narHash": "sha256-i3Rc/ENnz62BcrSloeVmAyPicEh4WsrEEYR+INs9TYw=",
@ -715,7 +729,7 @@
"meowsite": "meowsite",
"microbin-fork": "microbin-fork",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nixpkgs-stable": "nixpkgs-stable",
"wordsofgod": "wordsofgod"
}
@ -807,7 +821,7 @@
"wordsofgod": {
"inputs": {
"naersk": "naersk_3",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"utils": "utils_3"
},
"locked": {


@ -18,17 +18,9 @@
meowsite.url = "git+https://gitlab.com/obsidianical/meowsite.git";
wordsofgod.url = "git+https://gitlab.com/obsidianical/wordsofgod.git";
microbin-fork.url = "git+https://gitlab.com/obsidianical/microbin.git";
conduit = {
url = "gitlab:famedly/conduit";
# Assuming you have an input for nixpkgs called `nixpkgs`. If you experience
# build failures while using this, try commenting/deleting this line. This
# will probably also require you to always build from source.
inputs.nixpkgs.follows = "nixpkgs-stable";
};
};
outputs = { self, nixpkgs, nixpkgs-stable, home-manager, nixos-hardware, mac-brcm-fw, conduit, ... }@inputs: {
outputs = { self, nixpkgs, nixpkgs-stable, home-manager, nixos-hardware, mac-brcm-fw, ... }@inputs: {
nixosConfigurations = {
monosodium-glutamate-g = nixpkgs.lib.nixosSystem {
specialArgs = {


@ -1,149 +0,0 @@
{ config
, pkgs
, flake-inputs
, ...
}:
let
# You'll need to edit these values
# The hostname that will appear in your user and room IDs
server_name = "conduit.schrottkatze.de";
# The hostname that Conduit actually runs on
#
# This can be the same as `server_name` if you want. This is only necessary
# when Conduit is running on a different machine than the one hosting your
# root domain. This configuration also assumes this is all running on a single
# machine, some tweaks will need to be made if this is not the case.
matrix_hostname = "matrix.${server_name}";
# An admin email for TLS certificate notifications
admin_email = "jade@schrottkatze.de";
# These ones you can leave alone
# Build a dervation that stores the content of `${server_name}/.well-known/matrix/server`
well_known_server = pkgs.writeText "well-known-matrix-server" ''
{
"m.server": "${matrix_hostname}"
}
'';
# Build a dervation that stores the content of `${server_name}/.well-known/matrix/client`
well_known_client = pkgs.writeText "well-known-matrix-client" ''
{
"m.homeserver": {
"base_url": "https://${matrix_hostname}"
}
}
'';
in
{
# Configure Conduit itself
services.matrix-conduit = {
enable = true;
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgs.
package = flake-inputs.conduit.packages.${pkgs.system}.default;
settings.global = {
inherit server_name;
};
};
# Configure automated TLS acquisition/renewal
security.acme = {
acceptTerms = true;
defaults = {
email = admin_email;
};
};
# ACME data must be readable by the NGINX user
users.users.nginx.extraGroups = [
"acme"
];
# Configure NGINX as a reverse proxy
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"${matrix_hostname}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
locations."/_matrix/" = {
proxyPass = "http://backend_conduit$request_uri";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
extraConfig = ''
merge_slashes off;
'';
};
"${server_name}" = {
forceSSL = true;
enableACME = true;
locations."=/.well-known/matrix/server" = {
# Use the contents of the derivation built previously
alias = "${well_known_server}";
extraConfig = ''
# Set the header since by default NGINX thinks it's just bytes
default_type application/json;
'';
};
locations."=/.well-known/matrix/client" = {
# Use the contents of the derivation built previously
alias = "${well_known_client}";
extraConfig = ''
# Set the header since by default NGINX thinks it's just bytes
default_type application/json;
# https://matrix.org/docs/spec/client_server/r0.4.0#web-browser-clients
add_header Access-Control-Allow-Origin "*";
'';
};
};
};
upstreams = {
"backend_conduit" = {
servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
};
};
};
};
# Open firewall ports for HTTP, HTTPS, and Matrix federation
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
networking.firewall.allowedUDPPorts = [ 80 443 8448 ];
}


@ -16,7 +16,7 @@
./microbin.nix
../modules/neovim.nix
../modules/zsh.nix
./conduit.nix
./synapse.nix
];
#systemd.services.wordsofgod-bot.enable = true;


@ -20,6 +20,10 @@
group = "nginx";
keyType = "rsa2048";
};
"synapse.schrottkatze.de" = {
group = "nginx";
keyType = "rsa2048";
}
};
};
@ -66,6 +70,34 @@
proxyPass = "http://127.0.0.1:8080$request_uri";
};
};
"synapse.schrottkatze.de" = {
forceSSL = true;
enableACME = true;
http2 = true;
listen = [
{
port = 443;
ssl = true;
}
{
port = 8448;
ssl = true;
}
];
locations."~ ^(/_matrix|/_synapse/client)" {
proxyPass = "http://localhost:8008";
extraConfig = [
"proxy_pass http://localhost:8008;"
"proxy_set_header X-Forwarded-For $remote_addr;"
"proxy_set_header X-Forwarded-Proto $scheme;"
"proxy_set_header Host $host;"
"client_max_body_size 2G;"
];
};
extraConfig = [
"proxy_http_version 1.1;"
];
};
};
};
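Review bot: The added `synapse.schrottkatze.de` entries will not evaluate as written: the certificate entry in the first hunk closes with `}` where `};` is needed, and `locations."~ ^(/_matrix|/_synapse/client)" {` is missing its `=`. Both `extraConfig` values are lists, while the nginx module takes these options as a string of lines, and the location one repeats `proxy_pass`, which `proxyPass` already emits, so nginx would reject the duplicate directive. The `listen` entries also omit `addr`, which the deleted conduit.nix set explicitly; depending on the pinned nixpkgs revision that attribute may be required. The deleted conduit.nix was the only visible place that opened TCP 8448 in the firewall, so federation on the new listener depends on that port being allowed somewhere outside this view. Both hunks sit inside attribute sets that begin before the visible lines.

```nix
# … unchanged: forceSSL, enableACME, http2, listen …
# Only the client and federation paths are proxied; other /_synapse paths are not matched.
locations."~ ^(/_matrix|/_synapse/client)" = {
  proxyPass = "http://localhost:8008";
  extraConfig = ''
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
    client_max_body_size 2G;
  '';
};
extraConfig = ''
  proxy_http_version 1.1;
'';
```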
}

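--- /dev/null
+++ b/schrottserver/synapse.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+services.matrix-synapse = {
+enable = true;
+settings = {
+server_name = "synapse.schrottkatze.de";
+max_upload_size = "2G";
+};
+};
+}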
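Review bot: `max_upload_size = "2G";` raises the per-file media limit far above Synapse's 50M default, so a single account can fill the media store quickly. If uploads that large are not a requirement, a smaller value such as `max_upload_size = "100M";`, with the nginx `client_max_body_size` lowered to match, is a safer starting point; otherwise a comment stating why 2G is needed would help. Everything else is left to the module defaults, so a short header comment should record that listeners, database and registration settings come from the NixOS module, and that `server_name` becomes part of every user ID and cannot be changed later. `pkgs` is bound in the argument set but unused in this file.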