diff --git a/flake.lock b/flake.lock
index 9f98ebd..1ca3a6a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -14,11 +14,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1723293904,
- "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+ "lastModified": 1736955230,
+ "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+ "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
@@ -94,11 +94,11 @@
]
},
"locked": {
- "lastModified": 1734343412,
- "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=",
+ "lastModified": 1737038063,
+ "narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=",
"owner": "nix-community",
"repo": "disko",
- "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19",
+ "rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2",
"type": "github"
},
"original": {
@@ -185,11 +185,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
- "lastModified": 1733312601,
- "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+ "lastModified": 1736143030,
+ "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+ "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@@ -257,16 +257,16 @@
]
},
"locked": {
- "lastModified": 1726989464,
- "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+ "lastModified": 1736373539,
+ "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+ "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-24.05",
+ "ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
@@ -280,11 +280,11 @@
]
},
"locked": {
- "lastModified": 1731518114,
- "narHash": "sha256-h9Wb3VjmXBZwTO3prRweUKwp2H9hZHCQKrkbU+2WPQs=",
+ "lastModified": 1738012343,
+ "narHash": "sha256-agMgWwVxXII+RtCqok8ROjzpKJung/5N5f2BVDmMC5Q=",
"ref": "main",
- "rev": "060ecccc5f8c92a0705ab91ff047811efd559468",
- "revCount": 36,
+ "rev": "4ffd7bc8ea032991756c5e8e8a37b039789045bc",
+ "revCount": 38,
"type": "git",
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
},
@@ -320,11 +320,11 @@
]
},
"locked": {
- "lastModified": 1733570843,
- "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
+ "lastModified": 1737926801,
+ "narHash": "sha256-un7IETRNjUm83jM5Gd/7BO4rCzzkom46O0FDMo5toaI=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "a35b08d09efda83625bef267eb24347b446c80b8",
+ "rev": "62ba0a22426721c94e08f0779ed8235d5672869b",
"type": "github"
},
"original": {
@@ -336,30 +336,30 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1734202038,
- "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=",
+ "lastModified": 1737885640,
+ "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d",
+ "rev": "4e96537f163fad24ed9eb317798a79afc85b51b7",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixos-24.05",
+ "ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
- "lastModified": 1733096140,
- "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+ "lastModified": 1735774519,
+ "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"root": {
@@ -387,22 +387,21 @@
"nixpkgs": [
"unstable"
],
- "nixpkgs-24_05": [
+ "nixpkgs-24_11": [
"nixpkgs"
- ],
- "utils": "utils_2"
+ ]
},
"locked": {
- "lastModified": 1718084203,
- "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
+ "lastModified": 1734884447,
+ "narHash": "sha256-HA9fAmGNGf0cOYrhgoa+B6BxNVqGAYXfLyx8zIS0ZBY=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
- "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
+ "rev": "63209b1def2c9fc891ad271f474a3464a5833294",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
- "ref": "nixos-24.05",
+ "ref": "nixos-24.11",
"repo": "nixos-mailserver",
"type": "gitlab"
}
@@ -467,28 +466,13 @@
"type": "github"
}
},
- "systems_5": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
"unstable": {
"locked": {
- "lastModified": 1734119587,
- "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
+ "lastModified": 1737885589,
+ "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
+ "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github"
},
"original": {
@@ -515,24 +499,6 @@
"repo": "flake-utils",
"type": "github"
}
- },
- "utils_2": {
- "inputs": {
- "systems": "systems_5"
- },
- "locked": {
- "lastModified": 1709126324,
- "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "d465f4819400de7c8d874d50b982301f28a84605",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 611d0e1..c7f18a6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,14 +1,14 @@
{
inputs = {
# Track channels with commits tested and built by hydra
- nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
fork.url = "github:teutat3s/nixpkgs/init-matrix-authentication-service-module";
nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
- home-manager.url = "github:nix-community/home-manager/release-24.05";
+ home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts";
@@ -37,8 +37,8 @@
element-stickers.inputs.maunium-stickerpicker.follows = "maunium-stickerpicker";
element-stickers.inputs.nixpkgs.follows = "nixpkgs";
- simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
- simple-nixos-mailserver.inputs.nixpkgs-24_05.follows = "nixpkgs";
+ simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
+ simple-nixos-mailserver.inputs.nixpkgs-24_11.follows = "nixpkgs";
simple-nixos-mailserver.inputs.nixpkgs.follows = "unstable";
};
@@ -108,9 +108,9 @@
nvfetcher
shellcheck
shfmt
- inputs.unstable.legacyPackages.${system}.treefmt2
+ treefmt2
nixos-generators
- inputs.unstable.legacyPackages.${system}.opentofu
+ opentofu
terraform-backend-git
terraform-ls
jq
@@ -132,7 +132,7 @@
system: deployLib: deployLib.deployChecks self.deploy
) inputs.deploy-rs.lib;
- formatter."x86_64-linux" = inputs.unstable.legacyPackages."x86_64-linux".nixfmt-rfc-style;
+ formatter."x86_64-linux" = inputs.nixpkgs.legacyPackages."x86_64-linux".nixfmt-rfc-style;
deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations {
nachtigall = {
diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix
index 62dc644..11daca5 100644
--- a/hosts/nachtigall/configuration.nix
+++ b/hosts/nachtigall/configuration.nix
@@ -73,22 +73,24 @@
owner = "matrix-synapse";
};
- age.secrets."matrix-synapse-sliding-sync-secret" = {
- file = "${flake.self}/secrets/matrix-synapse-sliding-sync-secret.age";
- mode = "400";
- owner = "matrix-synapse";
- };
-
age.secrets."matrix-authentication-service-secret-config.yml" = {
file = "${flake.self}/secrets/matrix-authentication-service-secret-config.yml.age";
mode = "400";
owner = "matrix-authentication-service";
};
+ # matrix-appservice-irc
+ age.secrets."matrix-appservice-irc-mediaproxy-signing-key" = {
+ file = "${flake.self}/secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age";
+ mode = "400";
+ owner = "matrix-appservice-irc";
+ };
+
pub-solar-os.matrix = {
enable = true;
+ appservice-irc.mediaproxy.signingKeyPath =
+ config.age.secrets."matrix-appservice-irc-mediaproxy-signing-key".path;
synapse = {
- sliding-sync.enable = false;
signing_key_path = config.age.secrets."matrix-synapse-signing-key".path;
extra-config-files = [
config.age.secrets."matrix-synapse-secret-config.yaml".path
diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix
index 100759a..e928436 100644
--- a/hosts/nachtigall/default.nix
+++ b/hosts/nachtigall/default.nix
@@ -9,12 +9,10 @@
./networking.nix
./wireguard.nix
./backups.nix
- "${flake.inputs.fork}/nixos/modules/services//matrix/matrix-authentication-service.nix"
- "${flake.inputs.unstable}/nixos/modules/services/web-apps/mastodon.nix"
+ "${flake.inputs.fork}/nixos/modules/services/matrix/matrix-authentication-service.nix"
];
disabledModules = [
- "services/matrix/matrix-authentication-service.nix "
- "services/web-apps/mastodon.nix"
+ "services/matrix/matrix-authentication-service.nix"
];
}
diff --git a/hosts/underground/configuration.nix b/hosts/underground/configuration.nix
index ff1c809..49efdfe 100644
--- a/hosts/underground/configuration.nix
+++ b/hosts/underground/configuration.nix
@@ -42,8 +42,17 @@
owner = "matrix-authentication-service";
};
+ # matrix-appservice-irc
+ age.secrets."matrix-appservice-irc-mediaproxy-signing-key" = {
+ file = "${flake.self}/secrets/staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age";
+ mode = "400";
+ owner = "matrix-appservice-irc";
+ };
+
pub-solar-os.matrix = {
enable = true;
+ appservice-irc.mediaproxy.signingKeyPath =
+ config.age.secrets."matrix-appservice-irc-mediaproxy-signing-key".path;
synapse = {
extra-config-files = [
config.age.secrets."staging-matrix-synapse-secret-config.yaml".path
diff --git a/hosts/underground/default.nix b/hosts/underground/default.nix
index 5a612a4..99fe5f9 100644
--- a/hosts/underground/default.nix
+++ b/hosts/underground/default.nix
@@ -7,10 +7,10 @@
./configuration.nix
./networking.nix
- "${flake.inputs.fork}/nixos/modules/services//matrix/matrix-authentication-service.nix"
+ "${flake.inputs.fork}/nixos/modules/services/matrix/matrix-authentication-service.nix"
];
disabledModules = [
- "services/matrix/matrix-authentication-service.nix "
+ "services/matrix/matrix-authentication-service.nix"
];
}
diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix
index 744d618..0de30ba 100644
--- a/modules/forgejo/default.nix
+++ b/modules/forgejo/default.nix
@@ -65,6 +65,7 @@
services.forgejo = {
enable = true;
+ package = pkgs.forgejo;
user = "gitea";
group = "gitea";
database = {
@@ -75,7 +76,7 @@
};
stateDir = "/var/lib/forgejo";
lfs.enable = true;
- mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
+ secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
settings = {
DEFAULT.APP_NAME = "pub.solar git server";
diff --git a/modules/keycloak/default.nix b/modules/keycloak/default.nix
index 38da6cf..d924717 100644
--- a/modules/keycloak/default.nix
+++ b/modules/keycloak/default.nix
@@ -50,7 +50,8 @@
hostname = "auth.${config.pub-solar-os.networking.domain}";
http-host = "127.0.0.1";
http-port = 8080;
- proxy = "edge";
+ proxy-headers = "xforwarded";
+ http-enabled = true;
};
themes = {
"pub.solar" =
diff --git a/modules/matrix-irc/default.nix b/modules/matrix-irc/default.nix
index 1b4fa82..c026d8c 100644
--- a/modules/matrix-irc/default.nix
+++ b/modules/matrix-irc/default.nix
@@ -16,111 +16,128 @@ let
synapseClientPort = "${toString listenerWithClient.port}";
in
{
- services.matrix-appservice-irc = {
- enable = true;
- localpart = "irc_bot";
- port = 8010;
- registrationUrl = "http://localhost:8010";
- settings = {
- homeserver = {
- domain = "${config.pub-solar-os.networking.domain}";
- url = "http://127.0.0.1:${synapseClientPort}";
- media_url = "https://matrix.${config.pub-solar-os.networking.domain}";
- enablePresence = false;
+ options.pub-solar-os = {
+ matrix.appservice-irc.mediaproxy = {
+ signingKeyPath = lib.mkOption {
+ description = "Path to file containing the IRC appservice mediaproxy signing key";
+ type = lib.types.str;
+ default = "/var/lib/matrix-appservice-irc/media-signingkey.jwk";
};
- ircService = {
- ident = {
- address = "::";
- enabled = false;
- port = 1113;
+ };
+ };
+ config = {
+ services.matrix-appservice-irc = {
+ enable = true;
+ localpart = "irc_bot";
+ port = 8010;
+ registrationUrl = "http://localhost:8010";
+ settings = {
+ homeserver = {
+ domain = "${config.pub-solar-os.networking.domain}";
+ url = "http://127.0.0.1:${synapseClientPort}";
+ enablePresence = false;
};
- logging = {
- # set to debug for debugging
- level = "warn";
- maxFiles = 5;
- toCosole = true;
- };
- matrixHandler = {
- eventCacheSize = 4096;
- };
- metrics = {
- enabled = true;
- remoteUserAgeBuckets = [
- "1h"
- "1d"
- "1w"
- ];
- };
- provisioning = {
- enabled = false;
- requestTimeoutSeconds = 300;
- };
- servers =
- let
- commonConfig = {
- allowExpiredCerts = false;
- botConfig = {
- enabled = false;
- joinChannelsIfNoUsers = false;
- nick = "MatrixBot";
- };
- dynamicChannels = {
- createAlias = true;
- enabled = true;
- federate = true;
- joinRule = "public";
- published = true;
- };
- ircClients = {
- allowNickChanges = true;
- concurrentReconnectLimit = 50;
- idleTimeout = 10800;
- lineLimit = 3;
- maxClients = 30;
- nickTemplate = "$DISPLAY[m]";
- reconnectIntervalMs = 5000;
- };
- matrixClients = {
- joinAttempts = -1;
- };
- membershipLists = {
- enabled = true;
- floodDelayMs = 10000;
- global = {
- ircToMatrix = {
- incremental = true;
- initial = true;
- };
- matrixToIrc = {
- incremental = true;
- initial = true;
+ ircService = {
+ ident = {
+ address = "::";
+ enabled = false;
+ port = 1113;
+ };
+ logging = {
+ # set to debug for debugging
+ level = "warn";
+ maxFiles = 5;
+ toCosole = true;
+ };
+ matrixHandler = {
+ eventCacheSize = 4096;
+ };
+ mediaProxy = {
+ signingKeyPath = config.pub-solar-os.matrix.appservice-irc.mediaproxy.signingKeyPath;
+ # keep media for 2 weeks
+ ttlSeconds = 1209600;
+ bindPort = 11111;
+ publicUrl = "https:///matrix.${config.pub-solar-os.networking.domain}/media";
+ };
+ metrics = {
+ enabled = true;
+ remoteUserAgeBuckets = [
+ "1h"
+ "1d"
+ "1w"
+ ];
+ };
+ provisioning = {
+ enabled = false;
+ requestTimeoutSeconds = 300;
+ };
+ servers =
+ let
+ commonConfig = {
+ allowExpiredCerts = false;
+ botConfig = {
+ enabled = false;
+ joinChannelsIfNoUsers = false;
+ nick = "MatrixBot";
+ };
+ dynamicChannels = {
+ createAlias = true;
+ enabled = true;
+ federate = true;
+ joinRule = "public";
+ published = true;
+ };
+ ircClients = {
+ allowNickChanges = true;
+ concurrentReconnectLimit = 50;
+ idleTimeout = 10800;
+ lineLimit = 3;
+ maxClients = 30;
+ nickTemplate = "$DISPLAY[m]";
+ reconnectIntervalMs = 5000;
+ };
+ matrixClients = {
+ joinAttempts = -1;
+ };
+ membershipLists = {
+ enabled = true;
+ floodDelayMs = 10000;
+ global = {
+ ircToMatrix = {
+ incremental = true;
+ initial = true;
+ };
+ matrixToIrc = {
+ incremental = true;
+ initial = true;
+ };
};
};
+ port = 6697;
+ privateMessages = {
+ enabled = true;
+ federate = true;
+ };
+ sasl = false;
+ sendConnectionMessages = true;
+ ssl = true;
};
- port = 6697;
- privateMessages = {
- enabled = true;
- federate = true;
+ in
+ {
+ "irc.libera.chat" = lib.attrsets.recursiveUpdate commonConfig {
+ name = "libera";
+ dynamicChannels.groupId = "+libera.chat:localhost";
+ dynamicChannels.aliasTemplate = "#_libera_$CHANNEL";
+ matrixClients.displayName = "$NICK (LIBERA-IRC)";
+ };
+ "irc.scratch-network.net" = lib.attrsets.recursiveUpdate commonConfig {
+ name = "scratch";
+ matrixClients.displayName = "$NICK (SCRATCH-IRC)";
+ dynamicChannels.aliasTemplate = "#_scratch_$CHANNEL";
+ dynamicChannels.groupId = "+scratch-network.net:localhost";
};
- sasl = false;
- sendConnectionMessages = true;
- ssl = true;
};
- in
- {
- "irc.libera.chat" = lib.attrsets.recursiveUpdate commonConfig {
- name = "libera";
- dynamicChannels.groupId = "+libera.chat:localhost";
- dynamicChannels.aliasTemplate = "#_libera_$CHANNEL";
- matrixClients.displayName = "$NICK (LIBERA-IRC)";
- };
- "irc.scratch-network.net" = lib.attrsets.recursiveUpdate commonConfig {
- name = "scratch";
- matrixClients.displayName = "$NICK (SCRATCH-IRC)";
- dynamicChannels.aliasTemplate = "#_scratch_$CHANNEL";
- dynamicChannels.groupId = "+scratch-network.net:localhost";
- };
- };
+ };
};
};
};
diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix
index 53fbb9a..d1b2fc2 100644
--- a/modules/matrix/default.nix
+++ b/modules/matrix/default.nix
@@ -32,11 +32,6 @@ in
type = lib.types.str;
default = "${config.services.matrix-synapse.dataDir}/homeserver.signing.key";
};
-
- sliding-sync.enable = lib.mkEnableOption {
- description = "Whether to enable a sliding-sync proxy, no longer needed with synapse version 1.114+";
- default = false;
- };
};
matrix-authentication-service = {
@@ -339,18 +334,6 @@ in
};
};
- services.matrix-sliding-sync = {
- enable = config.pub-solar-os.matrix.synapse.sliding-sync.enable;
- settings = {
- SYNCV3_SERVER = "https://${publicDomain}";
- SYNCV3_BINDADDR = "127.0.0.1:8011";
- # The bind addr for Prometheus metrics, which will be accessible at
- # /metrics at this address
- SYNCV3_PROM = "127.0.0.1:9100";
- };
- environmentFile = config.age.secrets."matrix-synapse-sliding-sync-secret".path;
- };
-
pub-solar-os.backups.restic.matrix-synapse = {
paths = [
"/var/lib/matrix-synapse"
diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix
index 662d1ce..9cda818 100644
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
@@ -27,7 +27,7 @@
home = "/var/lib/nextcloud";
enable = true;
- package = pkgs.nextcloud29;
+ package = pkgs.nextcloud30;
https = true;
secretFile = config.age.secrets."nextcloud-secrets".path; # secret
maxUploadSize = "1G";
@@ -45,7 +45,6 @@
dbuser = "nextcloud";
dbtype = "pgsql";
dbname = "nextcloud";
- dbtableprefix = "oc_";
};
settings = {
diff --git a/modules/nginx-matrix/default.nix b/modules/nginx-matrix/default.nix
index 1d82c10..f6274d8 100644
--- a/modules/nginx-matrix/default.nix
+++ b/modules/nginx-matrix/default.nix
@@ -120,6 +120,13 @@ in
extraConfig = commonHeaders;
};
+ # For IRC appservice media proxy
+ "/media" = {
+ priority = 100;
+ proxyPass = "http://127.0.0.1:${toString (config.services.matrix-appservice-irc.settings.ircService.mediaProxy.bindPort)}";
+ extraConfig = commonHeaders;
+ };
+
# Forward to the auth service
"~ ^/_matrix/client/(.*)/(login|logout|refresh)" = {
priority = 100;
diff --git a/overlays/default.nix b/overlays/default.nix
index 33f0e1d..af9faa9 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -16,8 +16,6 @@
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
inherit (inputs) element-stickers maunium-stickerpicker;
};
- mastodon = unstable.mastodon;
- matrix-authentication-service = unstable.matrix-authentication-service;
}
)
];
diff --git a/secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age b/secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age
new file mode 100644
index 0000000..f38c861
Binary files /dev/null and b/secrets/matrix-appservice-irc-mediaproxy-signing-key.jwk.age differ
diff --git a/secrets/matrix-synapse-sliding-sync-secret.age b/secrets/matrix-synapse-sliding-sync-secret.age
deleted file mode 100644
index 088e91b..0000000
--- a/secrets/matrix-synapse-sliding-sync-secret.age
+++ /dev/null
@@ -1,45 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 iDKjwg GPTqfaZZC6ze7BUkT1uF4VslvE29BFKm0+AlJk+DKQQ
-GxI7erqw8p3GrCArh5vZOiTmYh40DVisCphNyFhNTqM
--> ssh-ed25519 uYcDNw oo52Nh9BCO5NNF0YyzracKfvMifSiREsxyQqiRZ6WTs
-JvqwRX5yOMtEYgWyc7dIQs85wDghMRHQCIi6t5QxIwo
--> ssh-rsa f5THog
-w+B5hc0E9u1fFWNNPaTtPmJfPJWUBbRwHYK/T69g2ORNfaBYynl0LL4vSUs8o9Gw
-rwBY+cLpth6e4tS819H5C7HtvT47KR3KF8JLxVjA2mbVO83+BnWFjThjYB452CdI
-KZvQQPhkSH/43YF6pjxnQjNWB/wroScyjGVtUamcij7YHxt71z0AAnyqE5PgWEc6
-6/ao5gLfTKhcWpxkTTz8LHn05s9IppXywDrvpwtJaU8LKgJT2H6Epsaci348lG+I
-tAZYODhQqP+yKl92DZbuQQCjxH5CJfhdBs2ZR63hQPj9OrIFRjLg4V+1gdcxzAuz
-9FwwIeLq3uxWXPdwTRR8RUsHEGhKMcVty4PkW0vlt+VwZrZBhdz3k+ApVG7Jvclz
-MPZYLzKC0DiODqPuA23ye6suFRCHXYfq3ZyCIIN6wOci0X0crSr9ZXW4M8R7aWaZ
-XDeZRaUgvd54WI0HZhVWBvJQyswgUXf+/RkS4aI8IgnNV801x12h+mTdWX9BC/cD
-YRIWBnGkfTX4WM4OEE2VEgqSDuKl/90o2LFIquIIJULVd2Vs5C2S8FhJcsT7+HmL
-TFWnLeIfGbw7RDUeH0c/Bbg9NK11SZF0/VdRZcBQ/zIXBMBlL1EZsH1HfIfhKISN
-PyHFB5kfmuVIBhDXgtDdgjKfDmQL9/9Aq1U4ZMBcUKA
--> ssh-rsa kFDS0A
-KysKtr7wrKKJ8w+Dj7qjJstyXtKIw9weFi9oVwJkMvy2utn+JARs7puh7KC27TXC
-slZJrHf4vx+y8qSjRS0W4z8CPl8/auiYOilepT9JoxwGUP7J/nTr5SCofgWcdZm5
-FtgHoCcABjzcF+mrKUofuqrx6oYSDCS0JkV2tClQI6ybXnjRwIIicLmBN9UDHCuU
-9ZOesYp5XrJyBoD3Zv51b19xJyOfuWAUQvlNPRH2TpgvisutpESU/o869z5AMn4Z
-BfDD/0oR1ALbk/sB3r13Xi6oJZAB2AbggoQRlwvPeWc3MdS+bFNV2o2ue0ov6Fkd
-U5C/GnJVlyE0cv9I+YvxtLT6T/Gf/yoUZGfB7xD5QkHpMIEmKxUYqGNBB/NcnFMY
-Tal8jMDtZDEk+uk0MahE7GsL6Z3xrkKTevG+Rr3j+beFYie2RJbNwwUyQ1lL3EoA
-Rx1AMk+nYlvxVHiciYJNh9nffgAXXwO255IkWvYzmuPBEP1LmqadA4fQPf5Rgj3u
-DuOX3hJ+rIyRIoDXOZio3SDf+bb380xCxF+7efJ27Ep0sFviAq5qKeptbyt51Dp8
-tlbeYAylhVbV9Zgd+EozwE7Btlfqt3sbUij/0Iy+BdOYSPLmvx3oKybpipZ0i3fo
-KR/bZHlMKF1Ipd5L7zEwh5aTjImuomoyRyZG3NWdv44
--> piv-p256 vRzPNw A7FwWUuml/VyHcOmha3R/DOg1RvnRXcwjaJJH/sgmsBR
-+CP1/qY8sHbR7nkFl1T5HPsjYLRPDCSR01DEJaim96o
--> piv-p256 zqq/iw AgYhaJWqe+QbVCHkXsU7AQhWhte/fjwVbOgmHVRPHsEE
-7jNmDI62i/9RakJhbo3MP0qMgXYGlhAW9BKo8HLWQYc
--> ssh-ed25519 YFSOsg cGPMyhqcd20TDBeMkSDJ8hQ/vE9cuDgVi1hfcwAKVjw
-U9GRSr607w5oUGr0rC6XqdWMD65JidY/Ri3Ex1dmGXI
--> ssh-ed25519 iHV63A cW7bblsvL1TwI6lp8KjPfUwB5EzWilLhc6Z2geE3SQw
-PzBdZ/LXA7iGI7ZjErredqC7ehHsr5MCY3qENv0nZI8
--> ssh-ed25519 BVsyTA AGDqp6Rrp2vStBU9+eJMGf5O4SZQIASE63n8vbf8PEs
-SFakjoivQrFkSUBGZ9sISKVhAxNOpc2RxugiBTSK9/k
--> ssh-ed25519 +3V2lQ MmMv45CQFAdgkV/B7InOY22iXzvIU8TY41SV5Jxx7RQ
-vNIRE5wSXVzy4miZLV90T1TEOhOjYQT12GWtZpsTxJ8
---- EBBXvYr1OpETpgXOsUfJn6h1e4rXF+olz6DbhDUWCcw
-.��
-��s�~����Hͯk� 2 ��9�����Bz��?�3���T�J`��g��P��io��r���" ������w�s-K�6��f�
-�0XΌv��X�&�8�
��g�=�zrH�jh>�
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 3678d9b..9bf2f9d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -67,12 +67,14 @@ in
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
- "matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-authentication-service-secret-config.yml.age".publicKeys = nachtigallKeys ++ adminKeys;
+ "matrix-appservice-irc-mediaproxy-signing-key.jwk.age".publicKeys = nachtigallKeys ++ adminKeys;
"staging-matrix-synapse-secret-config.yaml.age".publicKeys = undergroundKeys ++ adminKeys;
"staging-matrix-authentication-service-secret-config.yml.age".publicKeys =
undergroundKeys ++ adminKeys;
+ "staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age".publicKeys =
+ undergroundKeys ++ adminKeys;
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;
diff --git a/secrets/staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age b/secrets/staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age
new file mode 100644
index 0000000..8b4a65e
Binary files /dev/null and b/secrets/staging-matrix-appservice-irc-mediaproxy-signing-key.jwk.age differ