n/zorigami: add matrix (dendrite) server instance for automata.of-a.cat

+ a side dish of `nix fmt` inconsistencies

nixos/zorigami/default.nix

@@ -65,6 +65,10 @@
   };
   age.secrets.acmeZorigamiZajebaLi.file =
     ../../secrets/acme-zorigami-zajeba.li.age;
+  age.secrets.automataDendritePrivateKey.file =
+    ../../secrets/automata.of-a.cat-matrix_key.pem.age;
+  age.secrets.automataDendriteEnv.file =
+    ../../secrets/automata.of-a.cat-matrix_env.age;
 
   nibylandia.monitoring-server = { domain = "monitoring.is-a.cat"; };
 
@@ -200,7 +204,7 @@
   };
 
   services.postgresql.ensureDatabases =
-    [ "nextcloud" "matrix-synapse" "mastodon" ];
+    [ "nextcloud" "matrix-synapse" "mastodon" "dendrite" ];
   services.postgresql.ensureUsers = [
     {
       name = "nextcloud";
@@ -214,6 +218,10 @@
       name = "mastodon";
       ensureDBOwnership = true;
     }
+    {
+      name = "dendrite";
+      ensureDBOwnership = true;
+    }
   ];
 
   systemd.services."nextcloud-setup" = {
@@ -262,6 +270,48 @@
   };
   services.dovecot2.sieve.extensions = [ "fileinto" ];
 
+  # automata.of-a.cat
+  services.dendrite = {
+    enable = true;
+    httpPort = 8108;
+    loadCredential = [
+      "matrix-server-key:${config.age.secrets.automataDendritePrivateKey.path}"
+    ];
+    environmentFile = config.age.secrets.automataDendriteEnv.path;
+
+    settings = let
+      database_config = {
+        connection_string = "postgresql:///dendrite?host=/run/postgresql";
+        max_open_conns = 10;
+        max_idle_conns = 5;
+      };
+    in {
+      global = {
+        server_name = "automata.of-a.cat";
+        private_key = "$CREDENTIALS_DIRECTORY/matrix-server-key";
+        jetstream.storage_path = "/var/lib/dendrite/";
+      };
+
+      client_api = {
+        registration_disabled = true;
+        rate_limiting.enabled = false;
+        registration_shared_secret = ''''${REGISTRATION_SHARED_SECRET}'';
+      };
+
+      app_service_api.database = database_config;
+      federation_api.database = database_config;
+      key_server.database = database_config;
+      media_api.database = database_config;
+      mscs.database = database_config;
+      room_server.database = database_config;
+      sync_api.database = database_config;
+      user_api.account_database = database_config;
+      user_api.device_database = database_config;
+      relay_api.device_database = database_config;
+    };
+  };
+
+  # is-a.cat
   services.matrix-synapse = {
     enable = true;
     settings = {
@@ -541,6 +591,30 @@
         };
       };
     };
+    ${config.services.dendrite.settings.global.server_name} = {
+      enableACME = true;
+      forceSSL = true;
+      locations = {
+        "/.well-known/matrix/server".return = ''
+          200 "{\"m.server\":\"matrix.${config.services.dendrite.settings.global.server_name}:443\",\"m.homeserver\":{\"base_url\":\"https://matrix.${config.services.dendrite.settings.global.server_name}\"}}"
+        '';
+        "/.well-known/matrix/client".return = ''
+          200 "{\"m.homeserver\":{\"base_url\":\"https://matrix.${config.services.dendrite.settings.global.server_name}\"}}"
+        '';
+      };
+    };
+    "matrix.${config.services.dendrite.settings.global.server_name}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations = {
+        "/_matrix".proxyPass =
+          "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
+        "/_dendrite".proxyPass =
+          "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
+        "/_synapse".proxyPass =
+          "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
+      };
+    };
     "rower.zajeba.li" = {
       enableACME = true;
       forceSSL = true;

pkgs/glitch-soc/emoji.nix

@@ -1,5 +1,5 @@
 # autogenerated file
-{fetchpatch, fetchurl}: {
+{ fetchpatch, fetchurl }: {
   patches = [
     (fetchpatch {
       url =

secrets.nix

@@ -96,4 +96,8 @@ in {
   ]); # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time
   "secrets/acme-zorigami-zajeba.li.age".publicKeys = meta.users.ar
     ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/automata.of-a.cat-matrix_key.pem.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
+  "secrets/automata.of-a.cat-matrix_env.age".publicKeys = meta.users.ar
+    ++ [ meta.hosts.zorigami.publicKey ];
 }

secrets/automata.of-a.cat-matrix_env.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 kY4Rgg anzcoH0kLJb2Azom1hBIT1eVbzv1yctL3l6c8gfjwzk
+DDhgP/3+hIROP4d8xQ2apBDB6WTmXb3Q9AcEYdIeUIM
+-> ssh-ed25519 grc4Uw La7w09KGxP8xifVbikW83CJdhMA5ufgZLX6e0kQ6Gl0
+fxyMY6lq+OpU6HmUxr9SgZ4JDbWgWN9LAjSbFklU5o4
+-> ssh-ed25519 DLT88w v4qUHpFJK918iuY3IyRxIOZpWbpaL6OpRKBVU7pEET4
+/nRHMyt5B3wfnqWhk+116qBvXlQlRZ4MDuzBscKQ3Xg
+--- DKfwaXi8Uhc6mWjkIR1drR8QrsnjG7Z1233qyOker2g
+C™;$y”J
+ý‹-©QÛØý1<C3BD>ùs}ÔÖ
žà½5Ç<35>ÂXÎCÉ<43>¤DG)ãY…O×g=&ô¥
+ÌP‘}RwÞ‡
+ëd*Ÿ¤Y–‰Ãìs“˜jN¡®š„sL0Û<30>kV•MPeé‹

secrets/automata.of-a.cat-matrix_key.pem.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 kY4Rgg Gf4ZeBJ6c6YqrBXiaL26rwKfnHklKQgjobQ0PcrB0m4
+EFj/+2bzZa/3HDv4kRBKmc9A79lljtxvH8eHOBbarYg
+-> ssh-ed25519 grc4Uw 65LBccbQNOiDt/ItwGAG4Zrwv9yhWIgDJisGA22sbmU
+38LT/tEb7hWBlcDSV8yY3Wozg3w5wc0Gc69Uf1SSTvw
+-> ssh-ed25519 DLT88w xkiPn6h1P5X0el8S1mxvdGzbzqkzMeX1EugI5jhyB00
+/jn34J6c1NLerwVcCySZ6u4O0LKsCtnAlItCvKx9ziM
+--- WwJnBwgvC3tYkIWTQqUHjuzXAGblCw3Lvldic9Rp9K8
+7R)<29>!í+•ãÎUQê˜ÕGÐZÌf&è€ÞÿÚß•²DfŠPâ¿·)ñ…¯-.pìðòv_¯dáQçÅ+ÒG~|t1ÞÀ¢®}M…-êþ!s©hEL{Ú˜†ioØß<Ó–É,mI3«ÀD*Cw²O©÷uîTу:·VÖÅÑÄÉϱî_[(ñPy­$¥xX;ÂñS<C3B1>‚G–Ûߺ“ge
+üÙ{îA