dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos: Initial Synapse

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-06-10 23:25:55 +01:00
parent 3edb54fef6
commit 3085df1710
11 changed files with 134 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
View File

@@ -15,7 +15,7 @@
};
};
configuration = { lib, pkgs, config, assignments, ... }:
configuration = { lib, pkgs, config, assignments, allAssignments, ... }:
let
inherit (lib) mkMerge mkIf;
inherit (lib.my) networkdAssignment;
@@ -28,8 +28,11 @@
server.enable = true;
secrets = {
#key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkly/tnPmoX05lDjEpQOkllPqYA0PY92pOKqvx8Po02";
files."synapse.yaml" = {};
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1ajgIF5V14bf9Zol567k2ieeg1zEd1vJ6gXkydE5UT";
files."synapse.yaml" = {
owner = "matrix-synapse";
group = "matrix-synapse";
};
};
firewall = {
@@ -42,13 +45,80 @@
};
services = {
#matrix-synapse = {
# enable = true;
# withJemalloc = true;
# settings = {
matrix-synapse = {
enable = true;
withJemalloc = true;
# };
#};
extraConfigFiles = [ config.age.secrets."synapse.yaml".path ];
settings = {
server_name = "nul.ie";
public_baseurl = "https://matrix.nul.ie";
admin_contact = "dev@nul.ie";
prescence.enabled = true;
listeners = [
{
port = 8008;
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
compress = false;
names = [ "client" "federation" ];
}
];
}
{
port = 9000;
bind_addresses = [ "127.0.0.1" "::1" ];
type = "manhole";
# The NixOS module has defaults for these that we need to override since they don't make sense here
tls = false;
resources = [];
}
];
# Even public options must be in the secret file because options are only merged at the top level.
# Let's just override the defaults in the base config to keep Nix happy
database = {
name = "sqlite3";
args.database = "/dev/null";
};
#media_store_path = "/var/lib/synapse-media";
max_upload_size = "1024M";
dynamic_thumbnails = true;
url_preview_enabled = true;
url_preview_ip_range_blacklist = [
"127.0.0.0/8"
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
"100.64.0.0/10"
"192.0.0.0/24"
"169.254.0.0/16"
"192.88.99.0/24"
"198.18.0.0/15"
"192.0.2.0/24"
"198.51.100.0/24"
"203.0.113.0/24"
"224.0.0.0/4"
"::1/128"
"fe80::/10"
"fc00::/7"
"2001:db8::/32"
"ff00::/8"
"fec0::/10"
] ++ (with lib.my.colony.prefixes; [ all.v4 all.v6 ]);
url_preview_ip_range_whitelist =
with allAssignments.middleman.internal;
[ ipv4.address ipv6.address ];
enable_registration = false;
allow_guest_access = false;
};
};
};
}
(mkIf config.my.build.isDevVM {

6
nixos/boxes/colony/vms/shill/containers/colony-psql.nix
View File

@@ -6,6 +6,7 @@
assignments = {
internal = {
name = "colony-psql-ctr";
altNames = [ "colony-psql" ];
domain = lib.my.colony.domain;
ipv4.address = "${lib.my.colony.start.ctrs.v4}4";
ipv6 = {
@@ -45,6 +46,11 @@
package = pkgs.postgresql_14;
enable = true;
enableTCPIP = true;
authentication = with lib.my.colony.prefixes; ''
host all all ${all.v4} md5
host all all ${all.v6} md5
'';
ensureUsers = [
{
name = "root";

1
nixos/boxes/colony/vms/shill/containers/default.nix
View File

@@ -3,5 +3,6 @@
./middleman
./vaultwarden.nix
./colony-psql.nix
./chatterbox.nix
];
}

1
nixos/boxes/colony/vms/shill/default.nix
View File

@@ -104,6 +104,7 @@
middleman = {};
vaultwarden = {};
colony-psql = {};
chatterbox = {};
};
};
}

9
nixos/modules/tmproot.nix
View File

@@ -245,6 +245,15 @@ in
}
];
})
(mkIf config.services.matrix-synapse.enable {
my.tmproot.persistence.config.directories = [
{
directory = config.services.matrix-synapse.dataDir;
user = "matrix-synapse";
group = "matrix-synapse";
}
];
})
(mkIf config.my.build.isDevVM {
fileSystems = mkVMOverride {
# Hijack the "root" device for persistence in the VM