diff --git a/flake.lock b/flake.lock index 412674f..248f5b0 100644 --- a/flake.lock +++ b/flake.lock @@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1689875310, - "narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=", + "lastModified": 1701601812, + "narHash": "sha256-ZasiO0UOpDYumIjoUcfInVST7vBsCUaXZ8ZfnSxwXz8=", "ref": "main", - "rev": "c2c86bbf9855f16a231a596b75b443232a7b9395", - "revCount": 24, + "rev": "bba54d2f5cd616ff5fded4c95f1e4f99faa2f5d0", + "revCount": 26, "type": "git", "url": "https://git.pub.solar/pub-solar/keycloak-theme" }, diff --git a/hosts/nachtigall/apps/matrix/irc.nix b/hosts/nachtigall/apps/matrix/irc.nix index 8f65985..da20617 100644 --- a/hosts/nachtigall/apps/matrix/irc.nix +++ b/hosts/nachtigall/apps/matrix/irc.nix @@ -1,5 +1,10 @@ -{lib, ...}: +{pkgs, lib, ...}: { + systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [ + "@system-service @pkey" + "~@privileged @resources" + "@chown" + ]; services.matrix-appservice-irc = { enable = true; localpart = "irc_bot"; diff --git a/hosts/nachtigall/apps/matrix/synapse.nix b/hosts/nachtigall/apps/matrix/synapse.nix index 0999038..8c4d826 100644 --- a/hosts/nachtigall/apps/matrix/synapse.nix +++ b/hosts/nachtigall/apps/matrix/synapse.nix @@ -218,6 +218,11 @@ in { "/var/lib/matrix-synapse/telegram-registration.yaml" ]; + extras = [ + "oidc" + "redis" + ]; + plugins = [ config.services.matrix-synapse.package.plugins.matrix-synapse-shared-secret-auth ]; diff --git a/terraform/dns.tf b/terraform/dns.tf index 1e61160..57b230c 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -8,7 +8,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "flora-6" type = "A" address = "80.71.153.210" - ttl = 60 } record { hostname = "auth" @@ -19,7 +18,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "ci" type = "A" address = "80.71.153.210" - ttl = 60 } record { hostname = "git" @@ -52,19 +50,16 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "cache" type = "A" address = "95.217.225.160" - ttl = 60 } record { hostname = "factorio" type = "A" address = "80.244.242.2" - ttl = 60 } record { hostname = "collabora" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { hostname = "@" @@ -76,19 +71,17 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "chat" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { hostname = "cloud" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { - hostname = "coturn" + hostname = "turn" type = "A" - address = "80.71.153.239" - ttl = 60 + address = "138.201.80.102" + ttl = 300 } record { hostname = "hpb" @@ -96,18 +89,6 @@ resource "namecheap_domain_records" "pub-solar" { address = "80.71.153.239" ttl = 60 } - record { - hostname = "dimension" - type = "A" - address = "85.88.23.162" - ttl = 60 - } - record { - hostname = "element" - type = "A" - address = "85.88.23.162" - ttl = 60 - } record { hostname = "files" type = "CNAME" @@ -132,7 +113,6 @@ resource "namecheap_domain_records" "pub-solar" { hostname = "matrix" type = "CNAME" address = "nachtigall.pub.solar." - ttl = 60 } record { hostname = "www"