n/zorigami: add matrix (dendrite) server instance for automata.of-a.cat
+ a side dish of `nix fmt` inconsistencies
parent
2f2f2eaf90
commit
d77e178b32
6 changed files with 1598 additions and 1237 deletions
|
@ -65,6 +65,10 @@
|
|||
};
|
||||
age.secrets.acmeZorigamiZajebaLi.file =
|
||||
../../secrets/acme-zorigami-zajeba.li.age;
|
||||
age.secrets.automataDendritePrivateKey.file =
|
||||
../../secrets/automata.of-a.cat-matrix_key.pem.age;
|
||||
age.secrets.automataDendriteEnv.file =
|
||||
../../secrets/automata.of-a.cat-matrix_env.age;
|
||||
|
||||
nibylandia.monitoring-server = { domain = "monitoring.is-a.cat"; };
|
||||
|
||||
|
@ -200,7 +204,7 @@
|
|||
};
|
||||
|
||||
services.postgresql.ensureDatabases =
|
||||
[ "nextcloud" "matrix-synapse" "mastodon" ];
|
||||
[ "nextcloud" "matrix-synapse" "mastodon" "dendrite" ];
|
||||
services.postgresql.ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
|
@ -214,6 +218,10 @@
|
|||
name = "mastodon";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "dendrite";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services."nextcloud-setup" = {
|
||||
|
@ -262,6 +270,48 @@
|
|||
};
|
||||
services.dovecot2.sieve.extensions = [ "fileinto" ];
|
||||
|
||||
# automata.of-a.cat
|
||||
services.dendrite = {
|
||||
enable = true;
|
||||
httpPort = 8108;
|
||||
loadCredential = [
|
||||
"matrix-server-key:${config.age.secrets.automataDendritePrivateKey.path}"
|
||||
];
|
||||
environmentFile = config.age.secrets.automataDendriteEnv.path;
|
||||
|
||||
settings = let
|
||||
database_config = {
|
||||
connection_string = "postgresql:///dendrite?host=/run/postgresql";
|
||||
max_open_conns = 10;
|
||||
max_idle_conns = 5;
|
||||
};
|
||||
in {
|
||||
global = {
|
||||
server_name = "automata.of-a.cat";
|
||||
private_key = "$CREDENTIALS_DIRECTORY/matrix-server-key";
|
||||
jetstream.storage_path = "/var/lib/dendrite/";
|
||||
};
|
||||
|
||||
client_api = {
|
||||
registration_disabled = true;
|
||||
rate_limiting.enabled = false;
|
||||
registration_shared_secret = ''''${REGISTRATION_SHARED_SECRET}'';
|
||||
};
|
||||
|
||||
app_service_api.database = database_config;
|
||||
federation_api.database = database_config;
|
||||
key_server.database = database_config;
|
||||
media_api.database = database_config;
|
||||
mscs.database = database_config;
|
||||
room_server.database = database_config;
|
||||
sync_api.database = database_config;
|
||||
user_api.account_database = database_config;
|
||||
user_api.device_database = database_config;
|
||||
relay_api.device_database = database_config;
|
||||
};
|
||||
};
|
||||
|
||||
# is-a.cat
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -541,6 +591,30 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
${config.services.dendrite.settings.global.server_name} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/.well-known/matrix/server".return = ''
|
||||
200 "{\"m.server\":\"matrix.${config.services.dendrite.settings.global.server_name}:443\",\"m.homeserver\":{\"base_url\":\"https://matrix.${config.services.dendrite.settings.global.server_name}\"}}"
|
||||
'';
|
||||
"/.well-known/matrix/client".return = ''
|
||||
200 "{\"m.homeserver\":{\"base_url\":\"https://matrix.${config.services.dendrite.settings.global.server_name}\"}}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
"matrix.${config.services.dendrite.settings.global.server_name}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/_matrix".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
"/_dendrite".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
"/_synapse".proxyPass =
|
||||
"http://127.0.0.1:${toString config.services.dendrite.httpPort}";
|
||||
};
|
||||
};
|
||||
"rower.zajeba.li" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
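Review bot: `rate_limiting.enabled = false;` in the `client_api` block of the `services.dendrite` hunk switches off Dendrite's request throttling on a homeserver that the last hunk publishes through the `matrix.${…server_name}` nginx vhost, so password login has no built-in brake against guessing. No other throttle is visible in these hunks, so I would drop that line, or keep limiting on and exempt only the accounts that need it via `rate_limiting.exempt_user_ids`. The same vhost forwards `/_dendrite` and `/_synapse` wholesale to the backend, and those prefixes are where Dendrite serves its admin routes and the shared-secret registration endpoint that `registration_shared_secret` enables. If those routes are only needed for local administration, proxy just `/_matrix` publicly and reach the admin paths over 127.0.0.1, or put an nginx `allow`/`deny` list on them. Both attribute sets continue outside the visible hunks, so an existing restriction elsewhere in the file cannot be ruled out.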
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# autogenerated file
|
||||
{fetchpatch, fetchurl}: {
|
||||
{ fetchpatch, fetchurl }: {
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url =
|
||||
|
|
File diff suppressed because it is too large
|
@ -96,4 +96,8 @@ in {
|
|||
]); # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time
|
||||
"secrets/acme-zorigami-zajeba.li.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/automata.of-a.cat-matrix_key.pem.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
"secrets/automata.of-a.cat-matrix_env.age".publicKeys = meta.users.ar
|
||||
++ [ meta.hosts.zorigami.publicKey ];
|
||||
}
|
||||
|
|
12
secrets/automata.of-a.cat-matrix_env.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg anzcoH0kLJb2Azom1hBIT1eVbzv1yctL3l6c8gfjwzk
|
||||
DDhgP/3+hIROP4d8xQ2apBDB6WTmXb3Q9AcEYdIeUIM
|
||||
-> ssh-ed25519 grc4Uw La7w09KGxP8xifVbikW83CJdhMA5ufgZLX6e0kQ6Gl0
|
||||
fxyMY6lq+OpU6HmUxr9SgZ4JDbWgWN9LAjSbFklU5o4
|
||||
-> ssh-ed25519 DLT88w v4qUHpFJK918iuY3IyRxIOZpWbpaL6OpRKBVU7pEET4
|
||||
/nRHMyt5B3wfnqWhk+116qBvXlQlRZ4MDuzBscKQ3Xg
|
||||
--- DKfwaXi8Uhc6mWjkIR1drR8QrsnjG7Z1233qyOker2g
|
||||
C™;$y”J
|
||||
ý‹-©QÛØý1<C3BD>ùs}ÔÖžà½5Ç<35>ÂXÎCÉ<43>¤DG)ãY…O×g=&ô¥
|
||||
ÌP‘}RwÞ‡
|
||||
ëd*Ÿ¤Y–‰Ãìs“˜jN¡®š„sL0Û<30>kV•MPeé‹
|
10
secrets/automata.of-a.cat-matrix_key.pem.age
Normal file
|
@ -0,0 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 kY4Rgg Gf4ZeBJ6c6YqrBXiaL26rwKfnHklKQgjobQ0PcrB0m4
|
||||
EFj/+2bzZa/3HDv4kRBKmc9A79lljtxvH8eHOBbarYg
|
||||
-> ssh-ed25519 grc4Uw 65LBccbQNOiDt/ItwGAG4Zrwv9yhWIgDJisGA22sbmU
|
||||
38LT/tEb7hWBlcDSV8yY3Wozg3w5wc0Gc69Uf1SSTvw
|
||||
-> ssh-ed25519 DLT88w xkiPn6h1P5X0el8S1mxvdGzbzqkzMeX1EugI5jhyB00
|
||||
/jn34J6c1NLerwVcCySZ6u4O0LKsCtnAlItCvKx9ziM
|
||||
--- WwJnBwgvC3tYkIWTQqUHjuzXAGblCw3Lvldic9Rp9K8
|
||||
7R)<29>!í+•ãÎUQê˜ÕGÐZÌf&è€ÞÿÚß•²DfŠPâ¿·)ñ…¯-.pìðòv_¯dáQçÅ+ÒG~|t1ÞÀ¢®}M…-êþ!s©hEL{Ú˜†ioØß<Ó–É,mI3«ÀD*Cw²O©÷uîTу:·VÖÅÑÄÉϱî_[(ñPy$¥xX;ÂñS<C3B1>‚G–Ûߺ“ge
|
||||
üÙ{îA
|