dev.fron.io nixrc / bbedada
containers(matrix): switch to xmpp. bye dendrite! Tony Olagbaiye a month ago
4 changed file(s) with 80 addition(s) and 147 deletion(s). Raw diff Collapse all Expand all
+0
-145
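--- a/containers/matrix.nix
+++ /dev/null
@@ -1,145 +0,0 @@
-{ config, pkgs, lib, usr, flake, ... }:
-
-let
-hostAddress = "10.7.0.1";
-localAddress = "10.7.0.2";
-in {
-services.postgresql = {
-enable = true;
-ensureUsers = [{
-name = "dendrite";
-ensurePermissions."DATABASE \"dendrite\"" = "ALL PRIVILEGES";
-}];
-ensureDatabases = [ "dendrite" ];
-};
-
-containers.matrix =
-{
-autoStart = true;
-enableTun = true;
-privateNetwork = true;
-inherit hostAddress localAddress;
-
-config =
-{ ... }:
-
-{
-#environment.memoryAllocator.provider = "jemalloc";
-
-nixpkgs = { inherit pkgs; };
-
-environment.systemPackages = with pkgs; [ screen jq vim ipfs ipfscat ];
-environment.variables = {
-IPFS_PATH = "/var/lib/ipfs";
-};
-
-services.matrix-dendrite = rec {
-enable = true;
-generatePrivateKey = true;
-generateTls = false;
-httpPort = 8008;
-httpsPort = 8448;
-settings = let
-mkDb = with {
-login = "dendrite";
-hostname = hostAddress;
-database = "dendrite";
-args = "sslmode=disable";
-}; name: "postgresql://${login}@${hostname}/${database}?${args}";
-in {
-global.server_name = "${usr.secrets.domains.srvc}";
-global.disable_federation = false;
-global.kafka.use_naffka = true;
-global.kafka.topic_prefix = "Dendrite";
-global.kafka.naffka_database.connection_string = mkDb "naffka";
-app_service_api.database.connection_string = mkDb "appservice";
-federation_sender.database.connection_string = mkDb "federationsender";
-key_server.database.connection_string = mkDb "keyserver";
-media_api.database.connection_string = mkDb "mediaapi";
-mscs.database.connection_string = mkDb "mscs";
-room_server.database.connection_string = mkDb "roomserver";
-signing_key_server.database.connection_string = mkDb "signingkeyserver";
-signing_key_server.prefer_direct_fetch = false;
-signing_key_server.key_perspectives = [{
-server_name = "matrix.org";
-keys = [{
-key_id = "ed25519:auto";
-public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
-} {
-key_id = "ed25519:a_RXGa";
-public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ";
-}];
-}];
-sync_api.database.connection_string = mkDb "syncapi";
-sync_api.real_ip_header = "X-Real-IP";
-user_api.account_database.connection_string = mkDb "userapi-accounts";
-user_api.device_database.connection_string = mkDb "userapi-devices";
-client_api = {
-registration_disabled = false;
-inherit (usr.secrets.matrix.synapse) registration_shared_secret;
-};
-mscs.mscs = [ "msc2946" ];
-logging = [{
-type = "file";
-level = "debug";
-params.path = "/var/lib/matrix-dendrite/log";
-}];
-};
-tlsCert = "/var/lib/acme/${usr.secrets.domains.srvc}/fullchain.pem";
-tlsKey = "/var/lib/acme/${usr.secrets.domains.srvc}/key.pem";
-};
-
-services.nginx.enable = true;
-services.nginx.virtualHosts.wellknown-matrix = {
-locations = {
-"/server".extraConfig = ''
-return 200 '{ "m.server": "m.${usr.secrets.domains.srvc}:443" }';
-'';
-"/client".extraConfig = ''
-return 200 '{ "m.homeserver": { "base_url": "https://m.${usr.secrets.domains.srvc}" } }';
-'';
-};
-};
-
-systemd.services.matrix-dendrite = {
-serviceConfig.Group = "keys";
-};
-
-networking.firewall.enable = false;
-
-#users.users.construct.extraGroups = [
-# "keys"
-#];
-};
-bindMounts = {
-"/var/lib/private/matrix-dendrite" = {
-hostPath = "/var/lib/dendrite";
-isReadOnly = false;
-};
-"/var/lib/matrix-synapse" = {
-hostPath = "/var/lib/synapse";
-isReadOnly = false;
-};
-"/var/lib/construct" = {
-hostPath = "/var/lib/construct";
-isReadOnly = false;
-};
-"/var/log/construct" = {
-hostPath = "/var/log/construct";
-isReadOnly = false;
-};
-"/var/lib/acme" = {
-hostPath = "/var/lib/acme";
-isReadOnly = true;
-};
-"/var/lib/ipfs" = {
-hostPath = "/var/lib/ipfs";
-isReadOnly = true;
-};
-"/run/ipfs.sock" = {
-hostPath = "/run/ipfs.sock";
-isReadOnly = false;
-};
-};
-};
-}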
0 { config, pkgs, lib, usr, flake, ... }:
1
2 let
3 hostAddress = "10.7.0.1";
4 localAddress = "10.7.0.2";
5 in {
6 #services.postgresql = {
7 # enable = true;
8 # ensureUsers = [{
9 # name = "prosody";
10 # ensurePermissions."DATABASE \"prosody\"" = "ALL PRIVILEGES";
11 # }];
12 # ensureDatabases = [ "prosody" ];
13 #};
14
15 containers.xmpp =
16 {
17 autoStart = true;
18 enableTun = true;
19 privateNetwork = true;
20 inherit hostAddress localAddress;
21
22 config =
23 { ... }:
24
25 {
26 nixpkgs = { inherit pkgs; };
27
28 environment.systemPackages = with pkgs; [ jq vim ipfs ipfscat ];
29 environment.variables = {
30 IPFS_PATH = (pkgs.runCommand "ipfs-path" {
31 api = "/ip4/${usr.secrets.hosts.wireguard.ipv4.zeta}/tcp/5001";
32 passAsFile = [ "api" ];
33 } ''
34 mkdir $out
35 ln -s $apiPath $out/api
36 '').out;
37 };
38
39 services.prosody = rec {
40 enable = true;
41 admins = [ "bqv@jix.im" ];
42 allowRegistration = true;
43 httpPorts = [ 5280 ];
44 httpsPorts = [ 5281 ];
45 group = "keys";
46 modules.admin_adhoc = true;
47 modules.admin_telnet = true;
48 modules.bosh = true;
49 modules.groups = true;
50 modules.legacyauth = true;
51 modules.websocket = true;
52 muc = [{
53 domain = "xa0.uk";
54 maxHistoryMessages = 10000;
55 name = "Zeta Prosody";
56 }];
57 ssl.cert = "/var/lib/acme/${usr.secrets.domains.srvc}/fullchain.pem";
58 ssl.key = "/var/lib/acme/${usr.secrets.domains.srvc}/key.pem";
59 uploadHttp = {
60 domain = "xa0.uk";
61 };
62 };
63
64 networking.firewall.enable = false;
65 };
66 bindMounts = {
67 "/var/lib/prosody" = {
68 hostPath = "/var/lib/prosody";
69 isReadOnly = false;
70 };
71 "/var/lib/acme" = {
72 hostPath = "/var/lib/acme";
73 isReadOnly = true;
74 };
75 };
76 };
77 }
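Review bot: `admins = [ "bqv@jix.im" ]` grants server-admin rights to a JID on a remote domain while `modules.admin_adhoc = true` exposes admin commands over XMPP, so administrative authority over this server rests on jix.im's server (its operator, and anyone who compromises it) vouching for that account; if that is not the intent, an admin account on the locally served domain avoids the dependency. `allowRegistration = true` together with `uploadHttp` on xa0.uk lets anyone who can reach the client port create an account and upload files, and `networking.firewall.enable = false` leaves nothing inside the container limiting that, so either `allowRegistration = false` or a comment such as `# open registration + HTTP upload are intentional; abuse limits live on the host` would record the decision. `modules.admin_telnet = true` starts an unauthenticated console that can run arbitrary code as the prosody user; worth confirming it is bound to the container's loopback only and not reachable over the veth. The `rec` on `services.prosody = rec {` is unused and can be dropped. This section is shown without its file header, so the path is inferred from the `containers/xmpp.nix` import below.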
143143 host all all 127.0.0.1/32 md5
144144 host all all ::1/128 md5
145145 host ${mastodon.name} ${mastodon.user} ${config.containers.mastodon.localAddress}/24 trust
146 host dendrite dendrite ${config.containers.matrix.localAddress}/24 trust
146 host prosody prosody ${config.containers.xmpp.localAddress}/24 trust
147147 '');
148148 services.openssh.enable = true;
149149 services.openssh.forwardX11 = true;
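Review bot: The new `host prosody prosody ${config.containers.xmpp.localAddress}/24 trust` line grants password-less access to the prosody database from the entire /24 around the container address rather than the container alone, and nothing in the new xmpp.nix on this page points Prosody at PostgreSQL (its `services.postgresql` block is commented out and no SQL storage is configured), so the rule is currently a dormant grant. Either leave it out until SQL storage is actually enabled, or narrow it to the single address with password authentication, e.g. `host prosody prosody ${config.containers.xmpp.localAddress}/32 md5` (md5 as on the lines above, or scram-sha-256). The /24 mask mirrors the existing mastodon rule, so it may be deliberate; the enclosing `pg_hba` string and its file start outside the hunk.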
1010 ../../containers/authority.nix # 10. 4.0.x
1111 ../../containers/search.nix # 10. 5.0.x
1212 ../../containers/mastodon.nix # 10. 6.0.x
13 ../../containers/matrix.nix # 10. 7.0.x
13 ../../containers/xmpp.nix # 10. 7.0.x
1414 ../../containers/hydroxide.nix # 10. 8.0.x
1515 ../../containers/anki.nix # 10. 9.0.x
1616 ../../containers/klaus.nix # 10.10.0.x