move lituus to agenix

+33 -24
+27 -22
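--- a/profiles/matrix/default.nix
+++ b/profiles/matrix/default.nix
@@ -2,11 +2,15 @@
 
 {
 imports = [
-./mautrix-telegram
+./mautrix-telegram.nix
 # ./mjolnir.nix # need to create the mod user
 ./heisenbridge.nix
 ];
 environment.systemPackages = [ pkgs.matrix-synapse-tools.rust-synapse-compress-state ];
+age.secrets.synapse-database-password.file = "${self}/secrets/synapse-database-password.age";
+age.secrets.synapse-database-password.owner = "matrix-synapse";
+age.secrets.synapse-database-password.file = "${self}/secrets/synapse-config.age";
+age.secrets.synapse-database-password.owner = "matrix-synapse";
 
 services.matrix-synapse = {
 enable = true;
@@ -45,17 +49,20 @@
 "turn:turn.sealight.xyz:3478?transport=udp"
 "turn:turn.sealight.xyz:3478?transport=tcp"
 ];
-turn_shared_secret = config.services.coturn.static-auth-secret;
-extraConfig = ''
-max_upload_size: "50M"
-use_presence: false
-registration_shared_secret: "hD9HQGTTDxp0mQsQ5JDsfudWMDiubmZENOgPchIvfBvUlPxlvQSvjoO4wn2L1seU"; # TODO agenix
-'';
+# turn_shared_secret = config.services.coturn.static-auth-secret;
+extraConfig = "/run/agenix/synapse-config";
+# Example config (saved as secret??)
+# ''
+# max_upload_size: "50M"
+# use_presence: false
+# registration_shared_secret: "hD9HQGTTDxp0mQsQ5JDsfudWMDiubmZENOgPchIvfBvUlPxlvQSvjoO4wn2L1seU";
+# enable_registration_without_verification: true
+# '';
 enable_metrics = true;
-enable_registration = false;
+enable_registration = true;
 database = {
 name = "psycopg2";
-args.password = "Da0?H*9i{x?,]|kq@iBwlIzu"; # TODO agenix
+args.passfile = "/run/agenix/synapse-database-password";
 };
 };
 ## coturn based TURN server integration (TURN server setup mentioned later),
@@ -96,13 +103,13 @@
 # '';
 # };
 
-security.acme.certs.${config.services.coturn.realm} = {
-/* insert here the right configuration to obtain a certificate */
-webroot = "/var/lib/acme/acme-challenge/";
-email = "anish+acme@lakhwara.com";
-postRun = "systemctl restart coturn.service";
-group = "turnserver";
-};
+# security.acme.certs.${config.services.coturn.realm} = {
+# /* insert here the right configuration to obtain a certificate */
+# webroot = "/var/lib/acme/acme-challenge/";
+# email = "anish+acme@lakhwara.com";
+# postRun = "systemctl restart coturn.service";
+# group = "turnserver";
+# };
 
 # TODO fix up jitsi bridge stuff
 ## services.jitsi-meet = {
@@ -119,7 +126,7 @@
 ## by default is matrix-synapse
 # TODO agenix
 initialScript = pkgs.writeText "synapse-init.sql" ''
-CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD "Da0?H*9i{x?,]|kq@iBwlIzu";
+CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD "s0m3s3cur3p455w0rdth4tisch4ng3d";
 CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
 TEMPLATE template0
 LC_COLLATE = "C"
@@ -202,8 +209,7 @@
 ## virtual host for Synapse
 "chat.sealight.xyz" = {
 forceSSL = true;
-enableACME = true; # TODO
-#useACMEHost = "sealight.xyz";
+enableACME = true;
 locations."/" = {
 proxyPass = "http://localhost:8448";
 };
@@ -211,9 +217,8 @@
 ## virtual host for Riot/Web
 "element.sealight.xyz" = {
 forceSSL = true;
-enableACME = true; # TODO
-#useACMEHost = "sealight.xyz";
-## root points to the riot-web package content, also configured via Nix
+enableACME = true;
+## root points to the element-web package content, also configured via Nix
 locations."/" = {
 root = pkgs.element-web;
 };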
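Review bot: The four secret declarations added after `environment.systemPackages` set `age.secrets.synapse-database-password.file` and `.owner` twice, so the `synapse-config` secret is never declared and the duplicate attribute should fail evaluation; the second pair looks meant to be `age.secrets.synapse-config.file = "${self}/secrets/synapse-config.age";` and `age.secrets.synapse-config.owner = "matrix-synapse";`. `extraConfig` takes configuration text, so `extraConfig = "/run/agenix/synapse-config";` would place the path string itself in the homeserver config; `extraConfigFiles = [ config.age.secrets.synapse-config.path ];` is the option that reads a file at runtime. The commented "Example config" still carries the registration shared secret in clear text and the old database password remains in history, so both values should be rotated and the comment reduced to key names only. `args.passfile` is handed to libpq, which expects `host:port:database:user:password` lines rather than a bare password, so the secret's contents need that format. Separately, `enable_registration = true;` together with the suggested `enable_registration_without_verification: true` opens sign-up on a public homeserver, which the commit title does not mention and is worth confirming as intended.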
+3 -1
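--- a/profiles/matrix/mautrix-telegram.nix
+++ b/profiles/matrix/mautrix-telegram.nix
@@ -1,8 +1,10 @@
 { config, lib, pkgs, ... }:
 {
+age.secrets.telegram-matrix-env.file = "${self}/secrets/telegram-matrix-env.age";
+age.secrets.telegram-matrix-env.owner = "mautrix-telegram";
 services.mautrix-telegram = {
 enable = true;
-environmentFile = /etc/secrets/telegram.env; # TODO agenix
+environmentFile = "/run/agenix/telegram-matrix-env";
 # TODO use pgsql
 # The appservice is pre-configured to use SQLite by default. It's also possible to use PostgreSQL.
 settings = {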
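Review bot: `${self}` is used in the new `age.secrets.telegram-matrix-env.file` line, but the module's argument set on the first line is `{ config, lib, pkgs, ... }:` and does not bind `self`, so evaluation should fail on an undefined variable unless the header becomes `{ self, config, lib, pkgs, ... }:` (assuming `self` is supplied through specialArgs). profiles/matrix/mjolnir.nix has the same gap in its header. `environmentFile` could reference `config.age.secrets.telegram-matrix-env.path` instead of repeating `/run/agenix/telegram-matrix-env`, which keeps the consumer tied to the declaration if the secret is renamed. If the module passes this value to systemd's `EnvironmentFile`, the file is read before privileges are dropped, so the `owner` override may be unnecessary and could fail at activation when that user is not statically defined; worth confirming. The body of `services.mautrix-telegram` continues outside the hunk.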
+3 -1
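--- a/profiles/matrix/mjolnir.nix
+++ b/profiles/matrix/mjolnir.nix
@@ -1,5 +1,7 @@
 { pkgs, lib, config, ... }:
 {
+age.secrets.sealight-mod-password.file = "${self}/secrets/sealight-mod-password.age";
+age.secrets.sealight-mod-password.owner = "mjolnir";
 services.mjolnir = {
 enable = true;
 protectedRooms = [
@@ -13,7 +15,7 @@
 pantalaimon = {
 enable = true;
 username = "mod";
-passwordFile = "/run/agenix/sealight-mod-password"; # TODO
+passwordFile = "/run/agenix/sealight-mod-password";
 options.homeserver = config.services.mjolnir.homeserverUrl;
 };
 };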