diff options
| author | Soispha <soispha@vhack.eu> | 2023-10-13 18:19:21 +0200 | 
|---|---|---|
| committer | Soispha <soispha@vhack.eu> | 2023-10-14 16:21:07 +0200 | 
| commit | 1fda2742810c69e9a4c574d77ac18f69a24bfb5e (patch) | |
| tree | 50bc268bb09026017a7ec506802616323372c64b /system | |
| parent | fix(system/services/miniflux): Set correct subdomain, but leave alias (diff) | |
| download | nixos-server-1fda2742810c69e9a4c574d77ac18f69a24bfb5e.zip | |
Style(treewide): Merge attrs together
Diffstat (limited to 'system')
| -rw-r--r-- | system/services/matrix/default.nix | 162 | ||||
| -rw-r--r-- | system/services/nix-sync/default.nix | 10 | 
2 files changed, 87 insertions, 85 deletions
| diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix index ed3b567..9148f66 100644 --- a/system/services/matrix/default.nix +++ b/system/services/matrix/default.nix @@ -18,98 +18,100 @@ in { networking.firewall.allowedTCPPorts = [80 443]; - services.postgresql.enable = true; - services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' - --Matrix: - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; + services = { + postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + --Matrix: + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; - --Whatsapp-bridge: - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + --Whatsapp-bridge: + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { - "vhack.eu" = { - enableACME = true; - forceSSL = true; - locations = { - "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts = { + "vhack.eu" = { + enableACME = true; + forceSSL = true; + locations = { + "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + }; }; - }; - "matrix.vhack.eu" = { - enableACME = true; - forceSSL = true; - locations."/".extraConfig = '' - return 404; - ''; - locations = { - "/_matrix".proxyPass = "http://[::1]:8008"; - "/_synapse/client".proxyPass = "http://[::1]:8008"; + "matrix.vhack.eu" = { + enableACME = true; + forceSSL = true; + locations = { + "/".return = "404"; + "/_matrix".proxyPass = "http://[::1]:8008"; + "/_synapse/client".proxyPass = "http://[::1]:8008"; + }; }; }; }; - }; - services.mautrix-whatsapp = { - enable = true; - settings = { - appservice = { - database = { - type = "postgres"; - uri = "postgres:///mautrix-whatsapp?host=/run/postgresql"; + mautrix-whatsapp = { + enable = true; + settings = { + appservice = { + database = { + type = "postgres"; + uri = "postgres:///mautrix-whatsapp?host=/run/postgresql"; + }; + whatsapp = { + # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list. + # This also determints the whatsapp icon + browser_name = "unknown"; + }; }; - whatsapp = { - # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list. - # This also determints the whatsapp icon - browser_name = "unknown"; + homeserver.address = "https://matrix.vhack.eu"; + bridge.permissions = { + "@soispha:vhack.eu" = "admin"; + "@sils:vhack.eu" = "admin"; + "@nightingale:vhack.eu" = "admin"; }; }; - homeserver.address = "https://matrix.vhack.eu"; - bridge.permissions = { - "@soispha:vhack.eu" = "admin"; - "@sils:vhack.eu" = "admin"; - "@nightingale:vhack.eu" = "admin"; - }; }; - }; - services.matrix-synapse = { - enable = true; - dataDir = "/var/lib/matrix"; - configFile = "/etc/matrix/matrix.conf"; - settings = { - media_store_path = "/var/lib/matrix/media_store"; - registration_shared_secret_path = "${config.age.secrets.matrix-synapse_registration_shared_secret.path}"; - server_name = "vhack.eu"; - listeners = [ - { - port = 8008; - bind_addresses = ["::1"]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = ["client" "federation"]; - compress = true; - } - ]; - } - ]; + matrix-synapse = { + enable = true; + dataDir = "/var/lib/matrix"; + configFile = "/etc/matrix/matrix.conf"; + settings = { + media_store_path = "/var/lib/matrix/media_store"; + registration_shared_secret_path = "${config.age.secrets.matrix-synapse_registration_shared_secret.path}"; + server_name = "vhack.eu"; + listeners = [ + { + port = 8008; + bind_addresses = ["::1"]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = ["client" "federation"]; + compress = true; + } + ]; + } + ]; + }; }; }; } diff --git a/system/services/nix-sync/default.nix b/system/services/nix-sync/default.nix index 8c466b8..9826870 100644 --- a/system/services/nix-sync/default.nix +++ b/system/services/nix-sync/default.nix @@ -236,12 +236,12 @@ in { message = "Your cachePath ('${cfg.cachePath}') ends with a slash ('/'), please use: '${lib.strings.removeSuffix "/" cfg.cachePath}'."; } ]; + systemd = { + tmpfiles.rules = + generatedDirectories; - systemd.tmpfiles.rules = - generatedDirectories; - - systemd.services = services; - systemd.timers = timers; + inherit services timers; + }; users.users = if cfg.user == "nix-sync" then { | 
