containers(matrix). attempt dendrite Tony Olagbaiye a month ago
7 changed file(s) with 150 addition(s) and 109 deletion(s). Raw diff Collapse all Expand all
33 hostAddress = "10.7.0.1";
44 localAddress = "10.7.0.2";
55 in {
6 services.postgresql.enable = true;
7 services.postgresql.ensureUsers = [
8 { name = "matrix-synapse"; ensurePermissions."DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; }
9 ];
10 services.postgresql.ensureDatabases = [ "matrix-synapse" ];
6 services.postgresql = let
7 databases = [
8 "naffka"
9 "appservice"
10 "federationsender"
11 "keyserver"
12 "mediaapi"
13 "mscs"
14 "roomserver"
15 "signingkeyserver"
16 "syncapi"
17 "userapi-accounts"
18 "userapi-devices"
19 ];
20 in {
21 enable = true;
22 ensureUsers = map (x: {
23 name = "dendrite";
24 ensurePermissions."DATABASE \"dendrite-${x}\"" = "ALL PRIVILEGES";
25 }) databases;
26 ensureDatabases = map (x: "dendrite-${x}") databases;
27 };
1128
1229 containers.matrix =
1330 {
2037 { ... }:
2138
2239 {
23 imports = [
24 flake.inputs.construct.nixosModules.matrix-construct
25 ];
40 #environment.memoryAllocator.provider = "jemalloc";
2641
27 environment.memoryAllocator.provider = "jemalloc";
28
29 environment.systemPackages = with pkgs; [ matrix-construct screen ];
30 systemd.services.matrix-synapse.environment = {
31 SYNAPSE_CACHE_FACTOR = "4.0";
32 };
33 services.matrix-synapse = rec {
42 environment.systemPackages = with pkgs; [ screen ];
43 services.matrix-dendrite = rec {
3444 enable = true;
35 server_name = "sn.${usr.secrets.domains.srvc}";
36 enable_registration = true;
37 inherit (usr.secrets.matrix.synapse) registration_shared_secret;
38 public_baseurl = "https://matrix.${usr.secrets.domains.srvc}/";
39 tls_certificate_path = "/var/lib/acme/${usr.secrets.domains.srvc}/fullchain.pem";
40 tls_private_key_path = "/var/lib/acme/${usr.secrets.domains.srvc}/key.pem";
41 database_type = "psycopg2";
42 database_args = {
43 user = "matrix-synapse";
44 database = "matrix-synapse";
45 host = hostAddress;
45 generatePrivateKey = true;
46 generateTls = false;
47 httpPort = 8008;
48 settings = let
49 mkDb = with {
50 authority = "dendrite";
51 hostname = hostAddress;
52 }; name: "postgresql://${authority}@${hostname}/dendrite-${name}?sslmode=disable";
53 in {
54 global.server_name = "${usr.secrets.domains.srvc}";
55 global.disable_federation = false;
56 global.kafka.use_naffka = true;
57 global.kafka.topic_prefix = "Dendrite";
58 global.kafka.naffka_database.connection_string = mkDb "naffka";
59 app_service_api.database.connection_string = mkDb "appservice";
60 federation_sender.database.connection_string = mkDb "federationsender";
61 key_server.database.connection_string = mkDb "keyserver";
62 media_api.database.connection_string = mkDb "mediaapi";
63 mscs.database.connection_string = mkDb "mscs";
64 room_server.database.connection_string = mkDb "roomserver";
65 signing_key_server.database.connection_string = mkDb "signingkeyserver";
66 sync_api.database.connection_string = mkDb "syncapi";
67 user_api.account_database.connection_string = mkDb "userapi-accounts";
68 user_api.device_database.connection_string = mkDb "userapi-devices";
69 client_api = {
70 registration_disabled = false;
71 inherit (usr.secrets.matrix.synapse) registration_shared_secret;
72 };
73 mscs.mscs = [ "msc2946" ];
4674 };
47 listeners = [
48 { # federation
49 bind_address = "";
50 port = 8448;
51 resources = [
52 { compress = true; names = [ "client" "webclient" ]; }
53 { compress = false; names = [ "federation" ]; }
54 ];
55 tls = true;
56 type = "http";
57 x_forwarded = false;
58 }
59 { # client
60 bind_address = "0.0.0.0";
61 port = 8008;
62 resources = [
63 { compress = true; names = [ "client" "webclient" ]; }
64 ];
65 tls = false;
66 type = "http";
67 x_forwarded = true;
68 }
69 ];
70 servers = {
71 "matrix.org" = { "ed25519:a_RXGa" = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; };
72 "privacytools.io" = { "ed25519:a_UqmI" = "NlVbHUvTMqHQmpXCQwEsSwJwzPju1o+xgzeCr92mc04"; };
73 "mozilla.org" = { "ed25519:0" = "RsDggkM9GntoPcYySc8AsjvGoD0LVz5Ru/B/o5hV9h4"; };
74 "disroot.org" = { "ed25519:a_ngBm" = "GhYGEZEw3s2DjbXThOhqmgntsRmgRYUFrw1i0BYDHJk"; };
75 "tchncs.de" = { "ed25519:a_rOPL" = "HZxh/ZZktCgLcsJgKw2tHS9lPcOo1kNBoEdeVtmkpeg"; };
76 };
77 extraConfig = ''
78 enable_group_creation: true
79 max_upload_size: "100M"
80 use_presence: false
81 '';
75 tlsCert = "/var/lib/acme/${usr.secrets.domains.srvc}/fullchain.pem";
76 tlsKey = "/var/lib/acme/${usr.secrets.domains.srvc}/key.pem";
8277 };
8378
84 services.matrix-construct = {
85 enable = true;
86 useScreen = false;
87 server = "cs.${usr.secrets.domains.srvc}";
88 package = pkgs.matrix-construct.overrideAttrs (_: {
89 doInstallCheck = true;
90 });
79 services.nginx.enable = true;
80 services.nginx.virtualHosts.wellknown-matrix = {
81 locations = {
82 #"/.well-known/matrix/server".extraConfig = ''
83 # return 200 '{ "m.server": "${cfg.nginxVhost}:443" }';
84 #'';
85 #"/.well-known/matrix/client".extraConfig = ''
86 # return 200 '{ "m.homeserver": { "base_url": "https://${cfg.nginxVhost}" } }';
87 #'';
88 #"/_matrix".proxyPass = "http://localhost:8008";
89 "/server".extraConfig = ''
90 return 200 '{ "m.server": "${usr.secrets.domains.srvc}:443" }';
91 '';
92 "/client".extraConfig = ''
93 return 200 '{ "m.homeserver": { "base_url": "https://m.${usr.secrets.domains.srvc}" } }';
94 '';
95 };
9196 };
9297
93 systemd.services.restart-construct = {
94 serviceConfig = {
95 Type = "oneshot";
96 ExecStart = "systemctl restart matrix-construct.service";
97 };
98 };
99 systemd.timers.restart-construct = {
100 timerConfig = {
101 OnStartupSec = "1d";
102 OnUnitActiveSec = "1d";
103 };
104 wantedBy = [ "timers.target" ];
98 systemd.services.matrix-dendrite = {
99 serviceConfig.Group = "keys";
105100 };
106101
107102 networking.firewall.enable = false;
108103
109 users.users.matrix-synapse.extraGroups = [
110 "keys"
111 ];
112104 #users.users.construct.extraGroups = [
113105 # "keys"
114106 #];
115107 };
116108 bindMounts = {
109 "/var/lib/private/matrix-dendrite" = {
110 hostPath = "/var/lib/dendrite";
111 isReadOnly = false;
112 };
117113 "/var/lib/matrix-synapse" = {
118114 hostPath = "/var/lib/synapse";
119115 isReadOnly = false;
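Review bot: `client_api.registration_disabled = false` leaves account creation open on a homeserver that also federates (`global.disable_federation = false`), so anyone can mint accounts here and push them into federated rooms; since a `registration_shared_secret` is already wired in, set `client_api.registration_disabled = true;` and create accounts through the shared-secret admin endpoint, or gate open signup behind a captcha before this goes live. The same `registration_shared_secret` is interpolated straight into `settings`; if this `services.matrix-dendrite` module renders `settings` into a config file in the Nix store the way the nixpkgs module of that name does, the secret ends up world-readable on the host — worth confirming, and moving it into an environment file with a placeholder if so. `mkDb` builds every connection string with `sslmode=disable` to `hostAddress`, which is tolerable only because 10.7.0.1 is the host end of the container veth; together with the `trust` pg_hba entry elsewhere in this commit it means any process that can reach that address authenticates as `dendrite` with no credential, so the container's pre-existing `networking.firewall.enable = false` deserves a second look. `serviceConfig.Group = "keys"` replaces the unit's primary group rather than adding one; `serviceConfig.SupplementaryGroups = [ "keys" ];` grants the same read access to the ACME key without changing the group ownership of files the service creates.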
289289 inherit (withRel2003) bcachefs-tools; # to match kernel ver
290290 inherit (withNaersk.withSelfFlake) wgvanity wold mactelnet;
291291 inherit (withNix.withSelfFlake) nix-bundle;
292 inherit (withSelfFlake) matrix-dendrite;
292293
293294 #inherit (withSmall) firefox firefox-unwrapped;
294295 #inherit (withSmall) thunderbird obs-studio webkitgtk chromium qemu;
1414 environment.systemPackages = with pkgs; [ dhcp dhcpcd mactelnet ];
1515
1616 networking.namespacing.enable = false;
17 networking.wlanInterfaces = lib.mapAttrs (_: x: {
18 device = "wlan0";
19 } // x) {
20 wlan0 = { };
21 adhoc0 = {
22 type = "ibss";
23 };
24 p2p0 = { };
25 };
1726 networking.wireless = let
1827 useIwd = true;
1928 in {
143143 host all all 127.0.0.1/32 md5
144144 host all all ::1/128 md5
145145 host ${mastodon.name} ${mastodon.user} ${config.containers.mastodon.localAddress}/24 trust
146 host ${matrix-synapse.database_name} ${matrix-synapse.database_user} ${config.containers.matrix.localAddress}/24 trust
146 host all dendrite ${config.containers.matrix.localAddress}/24 trust
147147 '');
148148 services.openssh.enable = true;
149149 services.openssh.forwardX11 = true;
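Review bot: The new pg_hba rule grants `trust` (no password) to role `dendrite` on `all` databases from the whole `${localAddress}/24` network, whereas the line it replaces was scoped to the synapse database; the container is a single veth peer, so `host all dendrite ${config.containers.matrix.localAddress}/32 trust` narrows it to that one address (the mastodon line above has the same /24 width, so this follows an existing pattern rather than introducing it). With `all` in the database column the dendrite role can at least connect to every other database on this server, since CONNECT is granted to PUBLIC by default; the `ensurePermissions` grants in the container config limit what it can do once connected, but listing the `dendrite-*` databases here, or switching this entry to `scram-sha-256` with the password supplied via an environment file, would be the defense-in-depth choice.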
2828
2929 dejavu_nerdfont = prev.callPackage ./data/fonts/dejavu-nerdfont { };
3030
31 dendrite = prev.callPackage ./servers/dendrite { };
32
3331 dotnetPackages = recurseIntoAttrs (prev.dotnetPackages.override { overrides = dotnetOverride; });
3432
3533 electronmail = prev.callPackage ./applications/networking/mailreaders/electronmail { };
6058
6159 mactelnet = prev.callPackage ./applications/networking/mactelnet { };
6260
61 matrix-dendrite = prev.callPackage ./servers/dendrite { };
62
6363 miraclecast = prev.callPackage ./os-specific/linux/gnome-network-displays/default.nix { };
6464
6565 nodePackages = recurseIntoAttrs prev.nodePackages;
7474 };
7575 yacy = {
7676 entryPoints = [ "yacy" ];
77 rule = "Host(`yacy.${domains.home}`)";
7778 service = "yacy";
7879 };
7980 gpx = {
99100 entryPoints = [ "https" ];
100101 tls.domains = [{ main = "tw.${domains.srvc}"; }];
101102 };
102 synapse-http = {
103 entryPoints = [ "http" ];
104 rule = "Host(`sn.${domains.srvc}`)";
105 service = "synapse";
106 };
107 synapse-https = synapse-http // {
108 entryPoints = [ "https" "synapse" ];
109 tls.domains = [{ main = "sn.${domains.srvc}"; }];
110 };
111 construct-http = {
112 entryPoints = [ "http" ];
113 rule = "Host(`cs.${domains.srvc}`)";
114 service = "construct";
115 };
116 construct-https = construct-http // {
117 entryPoints = [ "https" "construct" ];
118 tls.domains = [{ main = "cs.${domains.srvc}"; }];
103 dendrite = {
104 entryPoints = [ "dendrite" ];
105 rule = "PathPrefix(`/_matrix`)";
106 service = "dendrite";
107 };
108 dendrite-http = dendrite // {
109 entryPoints = [ "http" ];
110 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/_matrix`)";
111 };
112 dendrite-https = dendrite-http // {
113 entryPoints = [ "https" ];
114 tls.domains = [
115 { main = "matrix.${domains.srvc}"; }
116 { main = "m.${domains.srvc}"; }
117 ];
118 };
119 dendrite-tls = dendrite // {
120 entryPoints = [ "dendrite-tls" ];
121 tls.domains = [{ main = "${domains.srvc}"; }];
122 };
123 dendrite-wellknown = dendrite // {
124 rule = "PathPrefix(`/.well-known/matrix`)";
125 service = "dendrite-wellknown";
126 middlewares = [ "matrix-wellknown" ];
127 };
128 dendrite-http-wellknown = dendrite-http // {
129 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
130 service = "dendrite-wellknown";
131 middlewares = [ "matrix-wellknown" ];
132 };
133 dendrite-https-wellknown = dendrite-https // {
134 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
135 service = "dendrite-wellknown";
136 middlewares = [ "matrix-wellknown" ];
137 };
138 dendrite-tls-wellknown = dendrite-wellknown // {
139 entryPoints = [ "dendrite-tls" ];
140 tls.domains = [{ main = "${domains.srvc}"; }];
119141 };
120142 certauth = {
121143 entryPoints = [ "http" "https" ];
262284 regex = "^(https?)://rc.${domains.home}/(.*)";
263285 replacement = "\${1}://dev.${domains.home}/nixrc/\${2}";
264286 };
287 };
288 matrix-wellknown = {
289 stripPrefix.prefixes = [ "/.well-known/matrix" ];
265290 };
266291 #Middleware00 = { addPrefix = { prefix = "foobar"; }; };
267292 #Middleware01 = {
517542 { url = "https://10.6.0.2:443"; }
518543 ];
519544 };
520 synapse.loadBalancer = {
521 servers = [
522 { url = "https://10.7.0.2:8448"; }
545 dendrite.loadBalancer = {
546 passHostHeader = true;
547 servers = [
548 { url = "http://10.7.0.2:8008"; }
549 ];
550 };
551 dendrite-wellknown.loadBalancer = {
552 servers = [
553 { url = "http://10.7.0.2:80"; }
523554 ];
524555 };
525556 construct.loadBalancer = {
842873 ircs = {
843874 address = ":6697/tcp";
844875 };
845 synapse = {
846 address = ":8448/tcp";
847 };
848876 yacy = {
849877 address = ":8090/tcp";
878 };
879 dendrite = {
880 address = ":8008/tcp";
881 };
882 dendrite-tls = {
883 address = ":8448/tcp";
850884 };
851885 jellyfin = {
852886 address = ":8096/tcp";
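Review bot: The `dendrite-https` router in the routers hunk matches only `matrix.${domains.srvc}` and `m.${domains.srvc}` on the `https` entry point, while the well-known served from the container elsewhere in this commit advertises `m.server` as `${domains.srvc}:443`; unless a router outside this diff serves the bare domain on `https`, remote homeservers that follow that delegation find no `/_matrix` route there, because the bare domain is only terminated by `dendrite-tls` on :8448. Either add a Host match for the bare domain (plus a matching `tls.domains` entry) to `dendrite-https`, or advertise `${domains.srvc}:8448` in the well-known so it agrees with `dendrite-tls`. The base `dendrite` and `dendrite-wellknown` routers on the plain `dendrite` entry point (:8008) carry no Host rule and no TLS, so client access tokens cross that port in clear; this mirrors the removed `synapse-http` router, but it is worth confirming the host firewall does not expose :8008 beyond the reverse proxy's own network.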
1818 (require 'cl-lib)
1919 (require 's)
2020 (defun update-load-paths ()
21 (interactive)
2122 (cl-flet ((add-paths-for (dir) (let ((default-directory dir))
2223 (when (file-directory-p default-directory)
2324 (normal-top-level-add-subdirs-to-load-path)))))